TechSpot

Infected svchost.exe

Solved
By Ryan O'Brien
Jul 20, 2012
  1. Broni

    Broni Malware Annihilator Posts: 47,647   +267

    Will CTRL+ALT+DEL bring Task Manager?
     
  2. Ryan O'Brien

    Ryan O'Brien TS Rookie Topic Starter Posts: 65

    Nope, no response
     
  3. Broni

    Broni Malware Annihilator Posts: 47,647   +267

    Restart in safe mode.
    Combofix created a restore point at around 15:12 (3:12PM) today.
    Use it.

    When the process is complete start in normal mode and let me know how things are.
     
  4. Ryan O'Brien

    Ryan O'Brien TS Rookie Topic Starter Posts: 65

    Is it supposed to be in the system restore thingy?
     
  5. Broni

    Broni Malware Annihilator Posts: 47,647   +267

  6. Ryan O'Brien

    Ryan O'Brien TS Rookie Topic Starter Posts: 65

    I only have one from 7/19, which is 2 days ago? Sorry if I'm taking too long, I'm kinda noob with this.
     
  7. Broni

    Broni Malware Annihilator Posts: 47,647   +267

    Go ahead and use it.
    We'll have to re-run some scans though.
     
  8. Ryan O'Brien

    Ryan O'Brien TS Rookie Topic Starter Posts: 65

    Running it right now.
     
  9. Ryan O'Brien

    Ryan O'Brien TS Rookie Topic Starter Posts: 65

    OK, the black screen is fixed. Now what scans do we need to run again?
     
  10. Broni

    Broni Malware Annihilator Posts: 47,647   +267

    Cool :)

    Update and re-run MBAM first.
     
  11. Ryan O'Brien

    Ryan O'Brien TS Rookie Topic Starter Posts: 65

    Ran this in normal mode btw

    MBAM log:


    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.21.12

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Nub :: RYAN-PC [administrator]

    Protection: Enabled

    7/21/2012 6:47:06 PM
    mbam-log-2012-07-21 (18-57-29).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 235308
    Time elapsed: 10 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

    (end)
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,647   +267

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  13. Ryan O'Brien

    Ryan O'Brien TS Rookie Topic Starter Posts: 65

    Part 1

    19:07:14.0254 4092 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
    19:07:14.0814 4092 ============================================================
    19:07:14.0814 4092 Current date / time: 2012/07/21 19:07:14.0814
    19:07:14.0814 4092 SystemInfo:
    19:07:14.0814 4092
    19:07:14.0814 4092 OS Version: 6.1.7601 ServicePack: 1.0
    19:07:14.0814 4092 Product type: Workstation
    19:07:14.0814 4092 ComputerName: RYAN-PC
    19:07:14.0814 4092 UserName: Nub
    19:07:14.0814 4092 Windows directory: C:\Windows
    19:07:14.0814 4092 System windows directory: C:\Windows
    19:07:14.0814 4092 Running under WOW64
    19:07:14.0814 4092 Processor architecture: Intel x64
    19:07:14.0814 4092 Number of processors: 4
    19:07:14.0814 4092 Page size: 0x1000
    19:07:14.0814 4092 Boot type: Normal boot
    19:07:14.0814 4092 ============================================================
    19:07:15.0841 4092 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:07:15.0854 4092 ============================================================
    19:07:15.0854 4092 \Device\Harddisk0\DR0:
    19:07:15.0854 4092 MBR partitions:
    19:07:15.0854 4092 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x2E935000
    19:07:15.0854 4092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30593800, BlocksNum 0x44172800
    19:07:15.0854 4092 ============================================================
    19:07:15.0872 4092 C: <-> \Device\Harddisk0\DR0\Partition0
    19:07:15.0908 4092 D: <-> \Device\Harddisk0\DR0\Partition1
    19:07:15.0908 4092 ============================================================
    19:07:15.0908 4092 Initialize success
    19:07:15.0908 4092 ============================================================
    19:07:22.0459 4980 ============================================================
    19:07:22.0459 4980 Scan started
    19:07:22.0459 4980 Mode: Manual;
    19:07:22.0459 4980 ============================================================
    19:07:35.0895 4980 MSDTC - ok
    19:07:35.0930 4980 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    19:07:35.0940 4980 Msfs - ok
    19:07:35.0951 4980 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    19:07:35.0960 4980 mshidkmdf - ok
    19:07:35.0968 4980 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    19:07:35.0975 4980 msisadrv - ok
    19:07:36.0018 4980 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
     
  14. Ryan O'Brien

    Ryan O'Brien TS Rookie Topic Starter Posts: 65

    19:07:36.0028 4980 MSiSCSI - ok
    19:07:36.0031 4980 msiserver - ok
    19:07:36.0063 4980 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    19:07:36.0071 4980 MSKSSRV - ok
    19:07:36.0094 4980 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    19:07:36.0102 4980 MSPCLOCK - ok
    19:07:36.0112 4980 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    19:07:36.0120 4980 MSPQM - ok
    19:07:36.0147 4980 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    19:07:36.0168 4980 MsRPC - ok
    19:07:36.0183 4980 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    19:07:36.0192 4980 mssmbios - ok
    19:07:36.0205 4980 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    19:07:36.0213 4980 MSTEE - ok
    19:07:36.0221 4980 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
    19:07:36.0229 4980 MTConfig - ok
    19:07:36.0233 4980 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    19:07:36.0242 4980 Mup - ok
    19:07:36.0284 4980 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    19:07:36.0298 4980 napagent - ok
    19:07:36.0337 4980 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    19:07:36.0363 4980 NativeWifiP - ok
    19:07:36.0690 4980 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    19:07:36.0709 4980 NDIS - ok
    19:07:36.0742 4980 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    19:07:36.0754 4980 NdisCap - ok
    19:07:36.0786 4980 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    19:07:36.0797 4980 NdisTapi - ok
    19:07:36.0829 4980 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    19:07:36.0841 4980 Ndisuio - ok
    19:07:36.0862 4980 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    19:07:36.0876 4980 NdisWan - ok
    19:07:36.0911 4980 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    19:07:36.0921 4980 NDProxy - ok
    19:07:36.0984 4980 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
    19:07:36.0993 4980 Net Driver HPZ12 - ok
    19:07:37.0015 4980 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    19:07:37.0026 4980 NetBIOS - ok
    19:07:37.0047 4980 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    19:07:37.0062 4980 NetBT - ok
    19:07:37.0078 4980 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    19:07:37.0080 4980 Netlogon - ok
    19:07:37.0135 4980 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    19:07:37.0145 4980 Netman - ok
    19:07:37.0233 4980 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:07:37.0246 4980 NetMsmqActivator - ok
    19:07:37.0249 4980 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:07:37.0251 4980 NetPipeActivator - ok
    19:07:37.0279 4980 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    19:07:37.0283 4980 netprofm - ok
    19:07:37.0286 4980 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:07:37.0288 4980 NetTcpActivator - ok
    19:07:37.0291 4980 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:07:37.0292 4980 NetTcpPortSharing - ok
    19:07:37.0315 4980 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
    19:07:37.0324 4980 nfrd960 - ok
    19:07:37.0359 4980 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    19:07:37.0369 4980 NlaSvc - ok
    19:07:37.0378 4980 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    19:07:37.0390 4980 Npfs - ok
    19:07:37.0393 4980 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    19:07:37.0400 4980 nsi - ok
    19:07:37.0411 4980 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    19:07:37.0422 4980 nsiproxy - ok
    19:07:37.0500 4980 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    19:07:37.0543 4980 Ntfs - ok
    19:07:37.0605 4980 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    19:07:37.0613 4980 Null - ok
    19:07:37.0634 4980 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    19:07:37.0649 4980 nvraid - ok
    19:07:37.0667 4980 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    19:07:37.0679 4980 nvstor - ok
    19:07:37.0694 4980 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    19:07:37.0707 4980 nv_agp - ok
    19:07:37.0720 4980 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    19:07:37.0733 4980 ohci1394 - ok
    19:07:37.0816 4980 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    19:07:37.0834 4980 ose - ok
    19:07:38.0220 4980 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    19:07:38.0374 4980 osppsvc - ok
    19:07:38.0451 4980 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    19:07:38.0461 4980 p2pimsvc - ok
    19:07:38.0490 4980 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    19:07:38.0508 4980 p2psvc - ok
    19:07:38.0539 4980 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
    19:07:38.0552 4980 Parport - ok
    19:07:38.0578 4980 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
    19:07:38.0589 4980 partmgr - ok
    19:07:38.0608 4980 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    19:07:38.0617 4980 PcaSvc - ok
    19:07:38.0637 4980 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    19:07:38.0638 4980 pci - ok
    19:07:38.0648 4980 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    19:07:38.0656 4980 pciide - ok
    19:07:38.0680 4980 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
    19:07:38.0695 4980 pcmcia - ok
    19:07:38.0710 4980 PCTBD (bb0d5cc3474367a918f463366742afe9) C:\Windows\system32\Drivers\PCTBD64.sys
    19:07:38.0721 4980 PCTBD - ok
    19:07:38.0783 4980 PCTCore (876fd95b7a3b7fe6179fbd16e7a6486c) C:\Windows\system32\drivers\PCTCore64.sys
    19:07:38.0805 4980 PCTCore - ok
    19:07:38.0855 4980 pctDS (ba1f42a42f405f62ceff6b69a2797f7c) C:\Windows\system32\drivers\pctDS64.sys
    19:07:38.0874 4980 pctDS - ok
    19:07:38.0939 4980 pctEFA (146cc91c93ced13e7fe40e8d8615be39) C:\Windows\system32\drivers\pctEFA64.sys
    19:07:38.0969 4980 pctEFA - ok
    19:07:39.0008 4980 PCTSD (577f20ebf1e42bebb238e2412b99c7ee) C:\Windows\system32\Drivers\PCTSD64.sys
    19:07:39.0024 4980 PCTSD - ok
    19:07:39.0040 4980 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    19:07:39.0051 4980 pcw - ok
    19:07:39.0090 4980 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    19:07:39.0114 4980 PEAUTH - ok
    19:07:39.0173 4980 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    19:07:39.0188 4980 PerfHost - ok
    19:07:39.0310 4980 PinnacleUpdateSvc (0015113a604b94769ab5159e8dcfc6e6) C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
    19:07:39.0357 4980 PinnacleUpdateSvc - ok
    19:07:39.0476 4980 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    19:07:39.0509 4980 pla - ok
    19:07:39.0570 4980 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    19:07:39.0588 4980 PlugPlay - ok
    19:07:39.0668 4980 PMBDeviceInfoProvider (ae6c778717de2f6b0c0b5335036d3363) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    19:07:39.0720 4980 PMBDeviceInfoProvider - ok
    19:07:39.0771 4980 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
    19:07:39.0780 4980 Pml Driver HPZ12 - ok
    19:07:39.0801 4980 PnkBstrA - ok
    19:07:39.0806 4980 PnkBstrB - ok
    19:07:39.0828 4980 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    19:07:39.0836 4980 PNRPAutoReg - ok
    19:07:39.0851 4980 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    19:07:39.0854 4980 PNRPsvc - ok
    19:07:40.0008 4980 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
    19:07:40.0038 4980 Point64 - ok
    19:07:40.0079 4980 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    19:07:40.0094 4980 PolicyAgent - ok
    19:07:40.0127 4980 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    19:07:40.0136 4980 Power - ok
    19:07:40.0172 4980 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    19:07:40.0185 4980 PptpMiniport - ok
    19:07:40.0208 4980 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
    19:07:40.0218 4980 Processor - ok
    19:07:40.0260 4980 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
    19:07:40.0269 4980 ProfSvc - ok
    19:07:40.0286 4980 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    19:07:40.0288 4980 ProtectedStorage - ok
    19:07:40.0323 4980 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    19:07:40.0339 4980 Psched - ok
    19:07:40.0451 4980 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
    19:07:40.0489 4980 ql2300 - ok
    19:07:40.0584 4980 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
    19:07:40.0593 4980 ql40xx - ok
    19:07:40.0624 4980 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    19:07:40.0636 4980 QWAVE - ok
    19:07:40.0647 4980 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    19:07:40.0659 4980 QWAVEdrv - ok
    19:07:40.0673 4980 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    19:07:40.0682 4980 RasAcd - ok
    19:07:40.0717 4980 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    19:07:40.0729 4980 RasAgileVpn - ok
    19:07:40.0735 4980 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    19:07:40.0746 4980 RasAuto - ok
    19:07:40.0762 4980 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    19:07:40.0775 4980 Rasl2tp - ok
    19:07:40.0803 4980 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    19:07:40.0824 4980 RasMan - ok
    19:07:40.0851 4980 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    19:07:40.0864 4980 RasPppoe - ok
    19:07:40.0893 4980 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    19:07:40.0905 4980 RasSstp - ok
    19:07:40.0925 4980 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    19:07:40.0950 4980 rdbss - ok
    19:07:40.0968 4980 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
    19:07:40.0978 4980 rdpbus - ok
    19:07:40.0991 4980 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    19:07:40.0999 4980 RDPCDD - ok
    19:07:41.0036 4980 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    19:07:41.0043 4980 RDPENCDD - ok
    19:07:41.0050 4980 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    19:07:41.0058 4980 RDPREFMP - ok
    19:07:41.0095 4980 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
     
  15. Ryan O'Brien

    Ryan O'Brien TS Rookie Topic Starter Posts: 65

    19:07:41.0110 4980 RDPWD - ok
    19:07:41.0133 4980 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    19:07:41.0150 4980 rdyboost - ok
    19:07:41.0166 4980 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    19:07:41.0176 4980 RemoteAccess - ok
    19:07:41.0193 4980 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    19:07:41.0204 4980 RemoteRegistry - ok
    19:07:41.0264 4980 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
    19:07:41.0273 4980 Revoflt - ok
    19:07:41.0303 4980 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    19:07:41.0311 4980 RpcEptMapper - ok
    19:07:41.0330 4980 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    19:07:41.0339 4980 RpcLocator - ok
    19:07:41.0368 4980 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    19:07:41.0372 4980 RpcSs - ok
    19:07:41.0378 4980 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    19:07:41.0391 4980 rspndr - ok
    19:07:41.0419 4980 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    19:07:41.0421 4980 SamSs - ok
    19:07:41.0437 4980 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    19:07:41.0447 4980 sbp2port - ok
    19:07:41.0466 4980 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    19:07:41.0478 4980 SCardSvr - ok
    19:07:41.0510 4980 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    19:07:41.0519 4980 scfilter - ok
    19:07:41.0574 4980 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    19:07:41.0616 4980 Schedule - ok
    19:07:41.0633 4980 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    19:07:41.0635 4980 SCPolicySvc - ok
    19:07:41.0752 4980 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
    19:07:41.0771 4980 sdAuxService - ok
    19:07:41.0832 4980 sdCoreService (44323c0bcbffa66a7a90e93f5d027999) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
    19:07:41.0855 4980 sdCoreService - ok
    19:07:41.0924 4980 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    19:07:41.0936 4980 SDRSVC - ok
    19:07:41.0971 4980 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    19:07:41.0990 4980 SeaPort - ok
    19:07:42.0034 4980 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    19:07:42.0043 4980 secdrv - ok
    19:07:42.0050 4980 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    19:07:42.0058 4980 seclogon - ok
    19:07:42.0072 4980 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    19:07:42.0081 4980 SENS - ok
    19:07:42.0110 4980 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    19:07:42.0118 4980 SensrSvc - ok
    19:07:42.0130 4980 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
    19:07:42.0140 4980 Serenum - ok
    19:07:42.0146 4980 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
    19:07:42.0159 4980 Serial - ok
    19:07:42.0163 4980 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
    19:07:42.0174 4980 sermouse - ok
    19:07:42.0194 4980 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    19:07:42.0204 4980 SessionEnv - ok
    19:07:42.0207 4980 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    19:07:42.0215 4980 sffdisk - ok
    19:07:42.0218 4980 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    19:07:42.0226 4980 sffp_mmc - ok
    19:07:42.0229 4980 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    19:07:42.0238 4980 sffp_sd - ok
    19:07:42.0241 4980 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
    19:07:42.0249 4980 sfloppy - ok
    19:07:42.0312 4980 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
    19:07:42.0339 4980 Sftfs - ok
    19:07:42.0422 4980 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    19:07:42.0460 4980 sftlist - ok
    19:07:42.0478 4980 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
    19:07:42.0490 4980 Sftplay - ok
    19:07:42.0497 4980 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
    19:07:42.0505 4980 Sftredir - ok
    19:07:42.0519 4980 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
    19:07:42.0527 4980 Sftvol - ok
    19:07:42.0548 4980 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    19:07:42.0577 4980 sftvsa - ok
    19:07:42.0614 4980 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    19:07:42.0633 4980 SharedAccess - ok
    19:07:42.0662 4980 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    19:07:42.0680 4980 ShellHWDetection - ok
    19:07:42.0700 4980 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
    19:07:42.0709 4980 SiSRaid2 - ok
    19:07:42.0715 4980 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
    19:07:42.0724 4980 SiSRaid4 - ok
    19:07:42.0975 4980 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    19:07:43.0270 4980 Skype C2C Service - ok
    19:07:43.0344 4980 SkypeUpdate (8c5477eb1c03ca76cd8eb66a610a9e90) C:\Program Files (x86)\Skype\Updater\Updater.exe
    19:07:43.0625 4980 SkypeUpdate - ok
    19:07:43.0711 4980 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    19:07:43.0724 4980 Smb - ok
    19:07:43.0759 4980 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    19:07:43.0768 4980 SNMPTRAP - ok
    19:07:43.0775 4980 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    19:07:43.0783 4980 spldr - ok
    19:07:43.0815 4980 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    19:07:43.0831 4980 Spooler - ok
    19:07:43.0980 4980 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    19:07:44.0118 4980 sppsvc - ok
    19:07:44.0152 4980 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    19:07:44.0161 4980 sppuinotify - ok
    19:07:44.0201 4980 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    19:07:44.0223 4980 srv - ok
    19:07:44.0249 4980 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    19:07:44.0274 4980 srv2 - ok
    19:07:44.0290 4980 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    19:07:44.0302 4980 srvnet - ok
    19:07:44.0337 4980 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    19:07:44.0349 4980 SSDPSRV - ok
    19:07:44.0361 4980 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    19:07:44.0371 4980 SstpSvc - ok
    19:07:44.0448 4980 Steam Client Service - ok
    19:07:44.0476 4980 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
    19:07:44.0484 4980 stexstor - ok
    19:07:44.0539 4980 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    19:07:44.0571 4980 stisvc - ok
    19:07:44.0576 4980 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    19:07:44.0584 4980 swenum - ok
    19:07:44.0612 4980 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    19:07:44.0628 4980 swprv - ok
    19:07:44.0709 4980 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    19:07:44.0731 4980 SysMain - ok
    19:07:44.0800 4980 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    19:07:44.0810 4980 TabletInputService - ok
    19:07:44.0837 4980 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    19:07:44.0858 4980 TapiSrv - ok
    19:07:44.0872 4980 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    19:07:44.0881 4980 TBS - ok
    19:07:45.0014 4980 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    19:07:45.0131 4980 Tcpip - ok
    19:07:45.0260 4980 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    19:07:45.0270 4980 TCPIP6 - ok
    19:07:45.0327 4980 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    19:07:45.0339 4980 tcpipreg - ok
    19:07:45.0348 4980 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    19:07:45.0357 4980 TDPIPE - ok
    19:07:45.0390 4980 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    19:07:45.0401 4980 TDTCP - ok
    19:07:45.0434 4980 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    19:07:45.0446 4980 tdx - ok
    19:07:45.0457 4980 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    19:07:45.0466 4980 TermDD - ok
    19:07:45.0509 4980 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    19:07:45.0521 4980 TermService - ok
    19:07:45.0535 4980 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    19:07:45.0543 4980 Themes - ok
    19:07:45.0556 4980 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    19:07:45.0557 4980 THREADORDER - ok
    19:07:45.0606 4980 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys
    19:07:45.0616 4980 tmactmon - ok
    19:07:45.0638 4980 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys
    19:07:45.0652 4980 tmcomm - ok
    19:07:45.0671 4980 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys
    19:07:45.0680 4980 tmevtmgr - ok
    19:07:45.0715 4980 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys
    19:07:45.0726 4980 tmtdi - ok
    19:07:45.0741 4980 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    19:07:45.0749 4980 TrkWks - ok
    19:07:45.0788 4980 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    19:07:45.0801 4980 TrustedInstaller - ok
    19:07:45.0809 4980 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    19:07:45.0822 4980 tssecsrv - ok
    19:07:45.0846 4980 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    19:07:45.0856 4980 TsUsbFlt - ok
    19:07:45.0860 4980 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
    19:07:45.0869 4980 TsUsbGD - ok
    19:07:45.0904 4980 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    19:07:45.0919 4980 tunnel - ok
    19:07:45.0924 4980 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
    19:07:45.0935 4980 uagp35 - ok
    19:07:45.0958 4980 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    19:07:45.0973 4980 udfs - ok
    19:07:45.0981 4980 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    19:07:45.0992 4980 UI0Detect - ok
    19:07:45.0997 4980 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    19:07:46.0007 4980 uliagpkx - ok
    19:07:46.0023 4980 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    19:07:46.0032 4980 umbus - ok
    19:07:46.0035 4980 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
    19:07:46.0043 4980 UmPass - ok
    19:07:46.0076 4980 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    19:07:46.0097 4980 upnphost - ok
    19:07:46.0146 4980 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    19:07:46.0158 4980 usbaudio - ok
    19:07:46.0177 4980 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    19:07:46.0189 4980 usbccgp - ok
    19:07:46.0208 4980 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    19:07:46.0219 4980 usbcir - ok
    19:07:46.0243 4980 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    19:07:46.0254 4980 usbehci - ok
    19:07:46.0290 4980 UsbFltr (68bad03835873d4bbbde95cbb135a395) C:\Windows\system32\Drivers\UsbFltr.sys
    19:07:46.0297 4980 UsbFltr - ok
    19:07:46.0325 4980 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    19:07:46.0344 4980 usbhub - ok
    19:07:46.0358 4980 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
    19:07:46.0368 4980 usbohci - ok
    19:07:46.0381 4980 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
    19:07:46.0392 4980 usbprint - ok
    19:07:46.0404 4980 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    19:07:46.0417 4980 USBSTOR - ok
    19:07:46.0426 4980 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    19:07:46.0436 4980 usbuhci - ok
    19:07:46.0477 4980 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
    19:07:46.0492 4980 usbvideo - ok
    19:07:46.0502 4980 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    19:07:46.0510 4980 UxSms - ok
    19:07:46.0527 4980 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    19:07:46.0529 4980 VaultSvc - ok
    19:07:46.0559 4980 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    19:07:46.0568 4980 vdrvroot - ok
    19:07:46.0601 4980 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    19:07:46.0629 4980 vds - ok
    19:07:46.0633 4980 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    19:07:46.0644 4980 vga - ok
    19:07:46.0658 4980 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    19:07:46.0669 4980 VgaSave - ok
    19:07:46.0680 4980 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    19:07:46.0694 4980 vhdmp - ok
    19:07:46.0816 4980 VIAHdAudAddService (84ffc3cca60a1b52a021bc894d529735) C:\Windows\system32\drivers\viahduaa.sys
    19:07:46.0897 4980 VIAHdAudAddService - ok
    19:07:46.0961 4980 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    19:07:46.0970 4980 viaide - ok
    19:07:46.0977 4980 VIAKaraokeService (f4310278e6ce1c507b5555b662369e26) C:\Windows\system32\viakaraokesrv.exe
    19:07:46.0986 4980 VIAKaraokeService - ok
    19:07:46.0994 4980 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    19:07:47.0004 4980 volmgr - ok
    19:07:47.0029 4980 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    19:07:47.0052 4980 volmgrx - ok
    19:07:47.0079 4980 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
    19:07:47.0098 4980 volsnap - ok
    19:07:47.0115 4980 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
    19:07:47.0126 4980 vsmraid - ok
    19:07:47.0201 4980 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    19:07:47.0240 4980 VSS - ok
    19:07:47.0299 4980 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    19:07:47.0308 4980 vwifibus - ok
    19:07:47.0335 4980 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    19:07:47.0345 4980 W32Time - ok
    19:07:47.0351 4980 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
     
  16. Ryan O'Brien

    Ryan O'Brien TS Rookie Topic Starter Posts: 65

    19:07:50.0915 4980 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    19:07:51.0116 4980 \Device\Harddisk0\DR0 - ok
    19:07:51.0119 4980 Boot (0x1200) (6efb70c07cd1ba1edca2b603cc988eec) \Device\Harddisk0\DR0\Partition0
    19:07:51.0120 4980 \Device\Harddisk0\DR0\Partition0 - ok
    19:07:51.0139 4980 Boot (0x1200) (60ac426d1eba97774f052e637196341a) \Device\Harddisk0\DR0\Partition1
    19:07:51.0141 4980 \Device\Harddisk0\DR0\Partition1 - ok
    19:07:51.0141 4980 ============================================================
    19:07:51.0141 4980 Scan finished
    19:07:51.0141 4980 ============================================================
    19:07:51.0150 1744 Detected object count: 0
    19:07:51.0150 1744 Actual detected object count: 0
     
  17. Broni

    Broni Malware Annihilator Posts: 47,647   +267

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  18. Ryan O'Brien

    Ryan O'Brien TS Rookie Topic Starter Posts: 65

    RogueKiller log info


    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Nub [Admin rights]
    Mode: Scan -- Date: 07/21/2012 19:18:14

    ¤¤¤ Bad processes: 1 ¤¤¤
    [SUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 13 ¤¤¤
    [BLACKLIST DLL] HKCU\[...]\Run : 2K Games (rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance) -> FOUND
    [BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : 2K Games (rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance) -> FOUND
    [BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : 2K Games (rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance) -> FOUND
    [BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : 2K Games (rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance) -> FOUND
    [BLACKLIST DLL] HKUS\S-1-5-21-2463314201-2541101053-2832014611-1006[...]\Run : 2K Games (rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance) -> FOUND
    [BLACKLIST DLL] HKUS\S-1-5-18[...]\Run : 2K Games (rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance) -> FOUND
    [SUSP PATH] Best Buy pc app.lnk Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
    [SUSP PATH] Best Buy pc app.lnk Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [SCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\LIVING~1.SCR) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD10EALX-229BA0 ATA Device +++++
    --- User ---
    [MBR] 350720ab0f3de94caa18596bfeeda8e6
    [BSP] 2fba84096da516bd12cdc8f0abb8703a : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 2048 | Size: 14524 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29747200 | Size: 381546 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 811153408 | Size: 557797 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
     
  19. Ryan O'Brien

    Ryan O'Brien TS Rookie Topic Starter Posts: 65

    sorry it took forever to scan. rofl

    aswMBR log:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-21 14:20:38
    -----------------------------
    14:20:38.173 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:20:38.173 Number of processors: 4 586 0x100
    14:20:38.173 ComputerName: RYAN-PC UserName: Nub
    14:20:38.973 Initialize success
    14:21:23.355 AVAST engine defs: 12072100
    14:21:27.831 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    14:21:27.835 Disk 0 Vendor: WDC_WD10EALX-229BA0 15.01H15 Size: 953869MB BusType: 3
    14:21:27.848 Disk 0 MBR read successfully
    14:21:27.851 Disk 0 MBR scan
    14:21:27.855 Disk 0 Windows 7 default MBR code
    14:21:27.858 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 14524 MB offset 2048
    14:21:27.867 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 381546 MB offset 29747200
    14:21:27.889 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 557797 MB offset 811153408
    14:21:27.915 Disk 0 scanning C:\Windows\system32\drivers
    14:21:34.329 Service scanning
    14:21:51.184 Modules scanning
    14:21:51.192 Disk 0 trace - called modules:
    14:21:51.206 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    14:21:51.211 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007471060]
    14:21:51.216 3 CLASSPNP.SYS[fffff880019c343f] -> nt!IofCallDriver -> [0xfffffa800705a520]
    14:21:51.222 5 ACPI.sys[fffff88000f2d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007095060]
    14:21:52.220 AVAST engine scan C:\Windows
    14:21:54.297 AVAST engine scan C:\Windows\system32
    14:23:59.773 AVAST engine scan C:\Windows\system32\drivers
    14:24:06.690 AVAST engine scan C:\Users\Nub
    14:31:28.613 AVAST engine scan C:\ProgramData
    14:33:56.917 Scan finished successfully
    14:34:22.683 Disk 0 MBR has been saved successfully to "C:\Users\Nub\Documents\MBR.dat"
    14:34:22.696 The log file has been saved successfully to "C:\Users\Nub\Documents\aswMBR.txt"


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-21 19:20:35
    -----------------------------
    19:20:35.343 OS Version: Windows x64 6.1.7601 Service Pack 1
    19:20:35.343 Number of processors: 4 586 0x100
    19:20:35.344 ComputerName: RYAN-PC UserName: Nub
    19:20:36.578 Initialize success
    19:21:12.951 AVAST engine defs: 12072101
    19:21:26.517 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    19:21:26.518 Disk 0 Vendor: WDC_WD10EALX-229BA0 15.01H15 Size: 953869MB BusType: 3
    19:21:26.529 Disk 0 MBR read successfully
    19:21:26.530 Disk 0 MBR scan
    19:21:26.536 Disk 0 Windows 7 default MBR code
    19:21:26.539 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 14524 MB offset 2048
    19:21:26.555 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 381546 MB offset 29747200
    19:21:26.577 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 557797 MB offset 811153408
    19:21:26.606 Disk 0 scanning C:\Windows\system32\drivers
    19:21:37.228 Service scanning
    19:21:58.052 Modules scanning
    19:21:58.058 Disk 0 trace - called modules:
    19:21:58.076 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    19:21:58.081 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80074c8060]
    19:21:58.085 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8007311860]
    19:21:58.088 5 PCTCore64.sys[fffff880010af720] -> nt!IofCallDriver -> [0xfffffa8007231520]
    19:21:58.092 7 ACPI.sys[fffff88000f4a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80070eb060]
    19:21:59.533 AVAST engine scan C:\Windows
    19:22:03.058 AVAST engine scan C:\Windows\system32
    19:25:54.598 AVAST engine scan C:\Windows\system32\drivers
    19:26:07.564 AVAST engine scan C:\Users\Nub
    19:52:56.753 AVAST engine scan C:\ProgramData
    20:04:13.967 Scan finished successfully
    20:08:26.804 Disk 0 MBR has been saved successfully to "C:\Users\Nub\Documents\MBR.dat"
    20:08:26.810 The log file has been saved successfully to "C:\Users\Nub\Documents\aswMBR.txt"
     
  20. Broni

    Broni Malware Annihilator Posts: 47,647   +267

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  21. Ryan O'Brien

    Ryan O'Brien TS Rookie Topic Starter Posts: 65

    Ran in normal mode
    Combofix log:

    ComboFix 12-07-21.01 - Nub 07/21/2012 21:18:49.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7675.5593 [GMT -4:00]
    Running from: c:\users\Nub\Downloads\ComboFix.exe
    AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    AV: Titanium *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
    SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Titanium *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\intellidownload\gunzip.exe
    c:\users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-20 19:27 . 2012-07-20 23:47 -------- d-----w- c:\users\Me
    2012-07-19 21:45 . 2012-07-19 21:45 -------- d-----w- c:\program files (x86)\Smart Install Maker
    2012-07-17 02:28 . 2012-07-21 22:40 -------- d-----w- c:\program files (x86)\RegistryNuke 2012
    2012-07-16 19:58 . 2012-07-16 19:58 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-16 02:36 . 2012-07-16 02:36 -------- d-----w- c:\users\Nub\AppData\Roaming\Malwarebytes
    2012-07-16 02:36 . 2012-07-16 02:36 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-16 02:36 . 2012-07-16 02:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-16 02:36 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-16 00:37 . 2012-06-14 16:31 85224 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
    2012-07-16 00:37 . 2012-06-14 16:31 767960 ----a-w- c:\windows\BDTSupport.dll
    2012-07-16 00:37 . 2012-06-14 16:31 2267096 ----a-w- c:\windows\PCTBDCore.dll
    2012-07-16 00:37 . 2012-06-14 16:31 1681368 ----a-w- c:\windows\PCTBDRes.dll
    2012-07-16 00:37 . 2012-06-14 16:31 149464 ----a-w- c:\windows\SGDetectionTool.dll
    2012-07-16 00:36 . 2012-05-11 15:09 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
    2012-07-16 00:36 . 2012-05-11 15:08 341168 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
    2012-07-16 00:36 . 2012-05-11 15:13 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
    2012-07-16 00:36 . 2012-05-11 15:14 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
    2012-07-16 00:36 . 2012-07-21 22:40 -------- d-----w- c:\program files (x86)\PC Tools
    2012-07-16 00:33 . 2012-02-28 15:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
    2012-07-16 00:33 . 2012-02-28 15:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
    2012-07-16 00:33 . 2012-04-23 16:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
    2012-07-16 00:33 . 2012-07-21 22:40 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
    2012-07-16 00:33 . 2012-05-11 15:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2012-07-16 00:33 . 2012-07-21 22:40 -------- d-----w- c:\programdata\PC Tools
    2012-07-16 00:33 . 2012-07-16 00:33 -------- d-----w- c:\users\Nub\AppData\Roaming\TestApp
    2012-07-15 14:53 . 2012-07-15 18:15 -------- d-----w- c:\program files (x86)\German Truck Simulator
    2012-07-15 14:32 . 2012-07-15 14:32 -------- d-----w- c:\users\Nub\AppData\Local\CRE
    2012-07-15 14:31 . 2012-07-15 14:31 -------- d-----w- c:\program files (x86)\uTorrentControl3
    2012-07-15 14:30 . 2012-07-16 03:24 -------- d-----w- c:\users\Nub\AppData\Roaming\uTorrent
    2012-07-13 03:32 . 2012-07-22 01:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps
    2012-07-12 18:53 . 2012-07-19 18:21 -------- d-----w- c:\users\Nub\AppData\Local\CrashDumps
    2012-07-12 15:08 . 2012-07-12 15:08 -------- d-----w- c:\users\Nub\AppData\Roaming\TechSmith
    2012-07-12 15:07 . 2012-07-12 15:07 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
    2012-07-12 15:07 . 2012-07-12 15:07 -------- d-----w- c:\programdata\TechSmith
    2012-07-12 15:07 . 2012-07-12 15:07 -------- d-----w- c:\program files (x86)\TechSmith
    2012-07-12 03:38 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 15:19 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-09 23:35 . 2012-07-10 17:44 -------- d-----w- C:\Adobe Photoshop CS6
    2012-07-09 20:26 . 2012-07-22 01:26 -------- d-----w- c:\program files (x86)\intellidownload
    2012-07-09 02:10 . 2012-07-21 22:40 -------- d-----w- C:\AdobePhotoshopCS6Portable
    2012-07-09 01:35 . 2012-07-09 01:35 -------- d-----w- c:\programdata\ATI
    2012-07-09 01:35 . 2012-07-09 01:35 -------- d-----w- c:\program files (x86)\AMD AVT
    2012-07-09 01:34 . 2012-07-09 01:34 -------- d-----w- c:\program files\AMD
    2012-07-09 01:34 . 2012-07-09 01:34 -------- d-----w- c:\program files (x86)\AMD APP
    2012-07-09 01:34 . 2012-07-09 01:34 -------- d-----w- c:\program files\Common Files\ATI Technologies
    2012-07-09 01:34 . 2012-07-09 01:34 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
    2012-07-09 01:33 . 2012-07-09 01:34 -------- d-----w- c:\program files\ATI Technologies
    2012-07-08 22:09 . 2012-07-08 22:09 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2012-07-05 22:46 . 2012-07-05 22:46 172098 ----a-w- C:\torrent.exe
    2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2012-07-03 02:41 . 2012-07-03 02:41 -------- d-----w- c:\users\Nub\AppData\Local\id Software
    2012-07-03 02:32 . 2012-07-03 02:32 -------- d-----w- c:\program files (x86)\id Software
    2012-07-03 02:29 . 2012-07-03 02:29 -------- d-sh--w- c:\windows\ftpcache
    2012-07-02 02:38 . 2012-07-02 02:38 -------- d-----w- c:\windows\en
    2012-07-02 02:36 . 2012-07-02 02:36 -------- d-----w- c:\windows\es
    2012-07-02 02:36 . 2012-07-02 02:36 -------- d-----w- c:\windows\de
    2012-07-02 02:36 . 2012-07-02 02:36 -------- d-----w- c:\windows\fr
    2012-07-02 02:36 . 2012-07-02 02:36 -------- d-----w- c:\windows\nl
    2012-07-02 02:33 . 2012-03-08 22:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2012-07-02 02:31 . 2012-07-02 02:31 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cee939541cd57fa02\MeshBetaRemover.exe
    2012-07-02 02:31 . 2012-07-02 02:31 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ce705e0f1cd57fa01\DSETUP.dll
    2012-07-02 02:31 . 2012-07-02 02:31 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ce705e0f1cd57fa01\DXSETUP.exe
    2012-07-02 02:31 . 2012-07-02 02:31 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ce705e0f1cd57fa01\dsetup32.dll
    2012-07-01 18:57 . 2012-07-01 18:57 -------- d-----w- c:\users\Nub\AppData\Roaming\Paltalk
    2012-07-01 18:57 . 2012-07-01 18:57 -------- d-----w- c:\program files (x86)\Paltalk Messenger
    2012-07-01 18:57 . 2012-07-01 18:57 -------- d-----w- c:\windows\Paltalk Messenger
    2012-07-01 18:56 . 2012-07-01 18:56 -------- d-----w- c:\users\Nub\AppData\Roaming\OpenCandy
    2012-07-01 18:55 . 2012-07-01 18:56 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
    2012-07-01 18:55 . 2012-07-01 18:55 -------- d-----w- c:\program files (x86)\DVDVideoSoft
    2012-07-01 18:55 . 2012-07-01 18:56 -------- d-----w- c:\users\Nub\AppData\Roaming\DVDVideoSoft
    2012-06-28 21:50 . 2012-06-28 21:50 -------- d-----w- c:\program files (x86)\18 WoS Extreme Trucker 2
    2012-06-28 04:05 . 2012-06-28 04:05 -------- d-----w- c:\program files (x86)\Bus Driver
    2012-06-26 19:52 . 2012-06-26 19:52 -------- d-----w- c:\program files (x86)\Microsoft Games
    2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
    2012-06-23 00:11 . 2012-07-22 01:17 -------- d-----w- c:\program files\NeO IRC 1.7
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-21 22:43 . 2012-04-10 04:14 119296 ----a-w- c:\windows\SysWow64\zlib.dll
    2012-07-12 03:34 . 2012-01-23 05:12 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-22 21:00 . 2012-02-22 22:06 134672 ----a-w- c:\windows\RegBootClean64.exe
    2012-06-19 20:22 . 2012-06-19 20:23 151552 ----a-w- c:\windows\SysWow64\nvRegDev.dll
    2012-06-19 20:22 . 2012-06-19 20:22 61440 ----a-w- c:\windows\SysWow64\nvPhotoshopUtil.dll
    2012-06-19 20:22 . 2012-06-19 20:22 40960 ----a-w- c:\windows\SysWow64\nvISWOW64.dll
    2012-06-14 15:03 . 2012-07-16 00:37 3488 ----a-w- c:\windows\UDB.zip
    2012-06-14 15:03 . 2012-07-16 00:37 131 ----a-w- c:\windows\IDB.zip
    2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
    2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
    2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-06-11 17:50 . 2012-06-11 17:50 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-06-11 17:50 . 2012-06-11 17:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-06-11 17:50 . 2012-06-11 17:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-06-11 17:50 . 2012-06-11 17:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
    2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-06-11 17:48 . 2012-06-11 17:48 54784 ----a-w- c:\windows\system32\OpenCL.dll
    2012-06-11 17:48 . 2012-06-11 17:48 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-06-11 17:24 . 2011-08-11 01:05 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-06-11 17:23 . 2011-08-11 01:05 1090560 ----a-w- c:\windows\system32\aticfx64.dll
    2012-06-11 17:20 . 2011-08-11 01:05 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
    2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-06-11 17:16 . 2011-08-11 01:05 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-06-11 17:01 . 2011-08-11 01:05 6914560 ----a-w- c:\windows\system32\atidxx64.dll
    2012-06-11 16:51 . 2011-08-11 01:05 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-06-11 16:45 . 2011-08-11 01:05 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-06-11 16:43 . 2011-08-11 01:05 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-06-11 16:36 . 2011-08-11 01:05 6605824 ----a-w- c:\windows\system32\atiumd64.dll
    2012-06-11 16:27 . 2011-08-11 01:05 539136 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-06-11 16:25 . 2011-08-11 01:05 54784 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-06-11 16:25 . 2011-08-11 01:05 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-06-11 16:25 . 2011-08-11 01:05 45056 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-06-11 16:24 . 2011-08-11 01:05 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-06-02 23:33 . 2012-06-02 23:33 18944 ----a-r- c:\users\Nub\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
    2012-06-02 23:33 . 2012-06-02 23:33 11264 ----a-r- c:\users\Nub\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe
    2012-06-02 22:19 . 2012-06-21 15:39 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 15:40 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 15:40 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 15:40 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 15:39 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 15:40 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 15:39 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-21 15:39 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-21 15:39 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-10 20:35 . 2012-05-10 20:35 43520 ----a-w- c:\windows\system32\kdbsdk64.dll
    2012-05-10 20:35 . 2012-05-10 20:35 29184 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
    2012-05-04 11:06 . 2012-06-13 17:47 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-13 17:47 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-13 17:47 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40 . 2012-06-13 17:47 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-04-28 03:55 . 2012-06-13 17:47 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-26 05:41 . 2012-06-13 17:47 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-26 05:41 . 2012-06-13 17:47 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-26 05:34 . 2012-06-13 17:47 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-24 05:37 . 2012-06-13 17:47 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-24 05:37 . 2012-06-13 17:47 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-24 05:37 . 2012-06-13 17:47 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-24 04:36 . 2012-06-13 17:47 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36 . 2012-06-13 17:47 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-04-24 04:36 . 2012-06-13 17:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-04-24 03:45 . 2012-04-24 03:45 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-24 03:45 . 2011-08-11 01:19 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{b57a9eb1-0e57-4850-a701-4d169538e6ed}]
    2012-05-18 19:45 85288 ----a-w- c:\program files (x86)\blekkotb_032\blekkotb_019X.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BA900CBA-FA92-4DF6-BED1-B683BFB92433}]
    2012-04-04 21:58 1737216 ----a-w- c:\program files (x86)\YoutubePlus\YoutubePlus.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{b57a9eb1-0e57-4850-a701-4d169538e6ed}"= "c:\program files (x86)\blekkotb_032\blekkotb_019X.dll" [2012-05-18 85288]
    .
    [HKEY_CLASSES_ROOT\clsid\{b57a9eb1-0e57-4850-a701-4d169538e6ed}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "2K Games"="c:\users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll" [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "2K Games"="c:\users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll" [BU]
    .
    c:\users\Nub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Malwarebytes Anti-Malware.lnk - c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2012-7-15 973488]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-8-29 16032]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-12 116648]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 253088]
    R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2011-03-18 87168]
    R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2011-03-18 188544]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-02-28 21712]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-12 116648]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-14 85224]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-23 1255736]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-05-11 251528]
    S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2012-03-23 70928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
    S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2010-11-28 128904]
    S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
    S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-06-13 922240]
    S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-14 575448]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]
    S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
    S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-03-29 27760]
    S2 ytpUpdater;ytpUpdater;c:\program files (x86)\updater\updater.exe [2012-03-26 1730048]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-03-29 2157680]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 03:45]
    .
    2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-12 22:55]
    .
    2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-12 22:55]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://asus.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: Interfaces\{9EAD5E01-EBA1-4D42-9349-8BE2F94CCDD5}: NameServer = 8.8.8.8,8.8.4.4
    FF - ProfilePath - c:\users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\kil77mcf.default\
    FF - prefs.js: browser.search.selectedEngine - YoutubePlus
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2463314201-2541101053-2832014611-1006\Software\SecuROM\License information*]
    "datasecu"=hex:7b,13,97,03,64,d4,8b,0f,64,f5,6f,10,9d,d7,bd,9f,71,18,18,1f,b5,
    e0,ae,fe,ba,72,62,67,a8,e2,85,fe,19,ac,ea,23,96,b7,55,07,35,5a,ce,e2,85,5d,\
    "rkeysecu"=hex:3e,b5,3a,9e,8d,9d,46,73,63,5c,82,8b,f1,70,4b,63
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\windows\SysWOW64\PnkBstrB.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-21 21:38:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-22 01:38
    ComboFix2.txt 2012-07-21 19:24
    ComboFix3.txt 2012-07-20 21:44
    .
    Pre-Run: 54,702,419,968 bytes free
    Post-Run: 54,990,872,576 bytes free
    .
    - - End Of File - - B7107FD3DED271A8765A63EBB4F1D255
     
  22. Ryan O'Brien

    Ryan O'Brien TS Rookie Topic Starter Posts: 65

    Ran in normal mode
    Rkill log:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 07/21/2012 at 21:41:35.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:

    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\SysWOW64\rundll32.exe


    Rkill completed on 07/21/2012 at 21:41:47.
     
  23. Broni

    Broni Malware Annihilator Posts: 47,647   +267

    You're running two AV programs, PC Tools Spyware Doctor with AntiVirus and TrendMicro Titanium.
    You must uninstall one of them.

    =====================================

    Uninstall RegistryNuke 2012.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ==============================

    Combofix log looks good.

    Any current issues?

    ============================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  24. Ryan O'Brien

    Ryan O'Brien TS Rookie Topic Starter Posts: 65

    Can't seem to uninstall RegistryNuke or Spyware Doctor.

    File "C:\Program Files (x86)\RegistryNuke 2012\unins000.dat" does not exist. Cannot uninstall


    OTL Log (Part 1)

    OTL logfile created on: 7/21/2012 10:06:11 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Nub\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.50 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 82.78% Memory free
    14.99 Gb Paging File | 13.72 Gb Available in Paging File | 91.50% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 372.60 Gb Total Space | 51.34 Gb Free Space | 13.78% Space Free | Partition Type: NTFS
    Drive D: | 544.72 Gb Total Space | 8.23 Gb Free Space | 1.51% Space Free | Partition Type: NTFS
    Drive F: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: RYAN-PC | User Name: Nub | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/21 22:05:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Nub\Downloads\OTL.exe
    PRC - [2012/07/19 11:02:01 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/19 11:02:01 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/04/23 23:45:53 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
    SRV:64bit: - [2012/06/11 13:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/06/11 13:12:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
    SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV:64bit: - [2011/03/29 06:04:12 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
    SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/07/19 11:02:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/06/14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2012/05/19 22:05:40 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
    SRV - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
    SRV - [2012/04/23 23:45:53 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/26 09:55:20 | 001,730,048 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\updater\updater.exe -- (ytpUpdater)
    SRV - [2012/03/02 22:38:15 | 000,189,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
    SRV - [2012/03/02 22:37:59 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/02/29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2011/06/13 04:36:54 | 000,922,240 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe -- (asComSvc)
    SRV - [2011/05/09 13:01:06 | 000,430,080 | ---- | M] (PowerUp Software, LLC) [Auto | Stopped] -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
    SRV - [2011/03/02 01:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 14:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/12/01 22:15:14 | 000,915,584 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc)
    SRV - [2010/11/28 16:34:00 | 000,128,904 | ---- | M] (AMD) [Auto | Stopped] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
    SRV - [2010/10/21 13:52:26 | 000,586,880 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/12/23 17:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/04 16:13:28 | 000,337,144 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe -- (WindowBlinds)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/06/14 12:31:44 | 000,085,224 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
    DRV:64bit: - [2012/06/11 14:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/06/11 12:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/05/11 11:14:26 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
    DRV:64bit: - [2012/04/23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
    DRV:64bit: - [2012/03/22 22:19:45 | 000,167,696 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
    DRV:64bit: - [2012/03/22 22:19:45 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
    DRV:64bit: - [2012/03/22 22:19:45 | 000,091,920 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
    DRV:64bit: - [2012/03/22 22:19:45 | 000,070,928 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
    DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
    DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/08/10 21:03:14 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/08/10 21:03:14 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/08/01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/03/29 06:04:06 | 002,157,680 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2011/03/23 06:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2011/03/17 20:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
    DRV:64bit: - [2011/03/17 20:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/04/27 19:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
    DRV:64bit: - [2010/04/27 19:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
    DRV:64bit: - [2010/04/27 19:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
    DRV:64bit: - [2010/04/27 17:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
    DRV:64bit: - [2010/04/27 17:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
    DRV:64bit: - [2010/02/18 13:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2007/04/09 11:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
    DRV - [2012/02/28 19:11:24 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2008/01/04 17:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0877D540-4E36-4DF4-BA60-455B4E34840B}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{0877D540-4E36-4DF4-BA60-455B4E34840B}: "URL" = http://50.56.166.40/youtubeplus/search/search.php?q={searchTerms}&sid=divx2k

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0877D540-4E36-4DF4-BA60-455B4E34840B}: "URL" = http://50.56.166.40/youtubeplus/search/search.php?q={searchTerms}&sid=divx2k
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "YoutubePlus"


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
    FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/07/21 21:55:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/07/21 21:55:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\__Youtube@Plus: C:\Program Files (x86)\YoutubePlus\YoutubePlus.xpi [2012/04/17 22:37:20 | 000,007,323 | ---- | M] ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/07/21 18:40:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 11:02:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/03/30 17:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nub\AppData\Roaming\Mozilla\Extensions
    [2012/07/16 22:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\kil77mcf.default\extensions
    [2012/06/14 18:31:26 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\kil77mcf.default\extensions\{b57a9eb1-0e57-4850-a701-4d169538e6ed}
    [2012/06/29 18:40:10 | 000,000,000 | ---D | M] (U2bview Firefox Add-on) -- C:\Users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\kil77mcf.default\extensions\noreply@u2bviews.com
    [2012/04/17 22:37:23 | 000,001,846 | ---- | M] () -- C:\Users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\kil77mcf.default\searchplugins\ytp.xml
    [2012/04/07 19:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/07/17 10:44:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/07/19 11:02:01 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: YoutubePlus (Enabled)
    CHR - default_search_provider: search_url = http://50.56.166.40/youtubeplus/search/search.php?q={searchTerms}&sid=divx2k
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
    CHR - Extension: Youtube Plus = C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfplnmdbcmooodmaipjfjcepfmfcinpk\1.0_0\
    CHR - Extension: uTorrentControl3 = C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcoadpabahabkmdndndlimfikephnoka\2.3.15.10_0\
    CHR - Extension: Skype Click to Call = C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\

    O1 HOSTS File: ([2012/07/21 21:32:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
    O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (blekko search bar) - {b57a9eb1-0e57-4850-a701-4d169538e6ed} - C:\Program Files (x86)\blekkotb_032\blekkotb_019X.dll ()
    O2 - BHO: (Youtube Plus) - {BA900CBA-FA92-4DF6-BED1-B683BFB92433} - C:\Program Files (x86)\YoutubePlus\YoutubePlus.dll (Youtube Plus)
    O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (blekko search bar) - {b57a9eb1-0e57-4850-a701-4d169538e6ed} - C:\Program Files (x86)\blekkotb_032\blekkotb_019X.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
    O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [2K Games] rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance File not found
    O4 - Startup: C:\Users\Nub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Malware.lnk = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.7.0_04)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EAD5E01-EBA1-4D42-9349-8BE2F94CCDD5}: NameServer = 8.8.8.8,8.8.4.4
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
    O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
    O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\WB: DllName - (C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/09/16 03:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2011/09/16 00:58:13 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
     
  25. Ryan O'Brien

    Ryan O'Brien TS Rookie Topic Starter Posts: 65

    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/21 21:32:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/21 21:17:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/21 21:17:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/21 21:17:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/21 21:16:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/21 19:07:12 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nub\Desktop\TDSSKiller.exe
    [2012/07/21 15:24:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/21 14:17:39 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\RK_Quarantine
    [2012/07/20 23:23:25 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\LOg
    [2012/07/20 17:29:25 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/19 17:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Install Maker 5.04
    [2012/07/19 17:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Install Maker
    [2012/07/16 22:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryNuke 2012
    [2012/07/16 22:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegistryNuke 2012
    [2012/07/16 15:58:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/07/15 22:36:45 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\Malwarebytes
    [2012/07/15 22:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/15 22:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/15 22:36:30 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/15 22:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/15 20:37:25 | 000,085,224 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
    [2012/07/15 20:37:24 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
    [2012/07/15 20:37:24 | 001,681,368 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
    [2012/07/15 20:37:24 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
    [2012/07/15 20:36:30 | 000,341,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
    [2012/07/15 20:36:30 | 000,145,432 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
    [2012/07/15 20:36:26 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
    [2012/07/15 20:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
    [2012/07/15 20:36:21 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
    [2012/07/15 20:36:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
    [2012/07/15 20:33:58 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
    [2012/07/15 20:33:57 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
    [2012/07/15 20:33:55 | 000,426,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
    [2012/07/15 20:33:53 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
    [2012/07/15 20:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
    [2012/07/15 20:33:31 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\TestApp
    [2012/07/15 20:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/07/15 10:57:12 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\German Truck Simulator
    [2012/07/15 10:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\German Truck Simulator
    [2012/07/15 10:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\German Truck Simulator
    [2012/07/15 10:32:04 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\CRE
    [2012/07/15 10:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentControl3
    [2012/07/15 10:30:54 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\uTorrent
    [2012/07/15 00:13:34 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\mod
    [2012/07/14 20:22:54 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\TR
    [2012/07/14 20:03:49 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\German Truck Simulator
    [2012/07/14 16:05:13 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\MMM1
    [2012/07/14 13:48:14 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\Gindinbei System
    [2012/07/14 13:46:25 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\base
    [2012/07/12 17:07:56 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\Adobe Photoshop CS6
    [2012/07/12 14:53:21 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\CrashDumps
    [2012/07/12 11:14:26 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\Crack
    [2012/07/12 11:08:43 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\TechSmith
    [2012/07/12 11:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
    [2012/07/12 11:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
    [2012/07/12 11:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
    [2012/07/12 11:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
    [2012/07/11 19:51:57 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\Stuffs
    [2012/07/09 19:35:38 | 000,000,000 | ---D | C] -- C:\Adobe Photoshop CS6
    [2012/07/09 16:26:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\intellidownload
    [2012/07/09 13:01:05 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\AdobePhotoshopCS6Portable
    [2012/07/08 22:11:24 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\Photoshop_CS6_13.0_Extended_Portable
    [2012/07/08 22:10:30 | 000,000,000 | ---D | C] -- C:\AdobePhotoshopCS6Portable
    [2012/07/08 21:35:11 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
    [2012/07/08 21:35:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2012/07/08 21:35:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
    [2012/07/08 21:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
    [2012/07/08 21:34:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
    [2012/07/08 21:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
    [2012/07/08 21:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
    [2012/07/08 21:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
    [2012/07/08 21:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
    [2012/07/08 18:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
    [2012/07/08 18:07:04 | 084,347,111 | ---- | C] (PainteR ) -- C:\Users\Nub\Desktop\Photoshop CS6 (Portable).exe
    [2012/07/07 12:08:20 | 000,016,384 | ---- | C] (Vagex) -- C:\Users\Nub\Desktop\updater.exe
    [2012/07/05 20:51:17 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\poop
    [2012/07/04 19:56:37 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\Electronic Arts
    [2012/07/02 22:41:42 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\id Software
    [2012/07/02 22:41:20 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\id Software
    [2012/07/02 22:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\id Software
    [2012/07/02 22:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\id Software
    [2012/07/02 22:29:56 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
    [2012/07/01 22:38:05 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2012/07/01 22:36:50 | 000,000,000 | ---D | C] -- C:\Windows\es
    [2012/07/01 22:36:43 | 000,000,000 | ---D | C] -- C:\Windows\de
    [2012/07/01 22:36:37 | 000,000,000 | ---D | C] -- C:\Windows\fr
    [2012/07/01 22:36:30 | 000,000,000 | ---D | C] -- C:\Windows\nl
    [2012/07/01 22:30:51 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{CFDE1CD9-BC53-4CB3-A135-A25853A93AC6}
    [2012/07/01 22:30:39 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{D287ACCD-30C6-4120-AB65-D9BBA9DF52AF}
    [2012/07/01 22:29:54 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{8092152A-9DD6-467D-BD57-80294A1BFDC8}
    [2012/07/01 22:29:37 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{BE30A25A-37BD-41E8-99A1-A37721B1D74A}
    [2012/07/01 15:48:50 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{70F6032C-0E89-4C36-9E33-44E9E22CABE1}
    [2012/07/01 15:48:38 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{F76952F3-B6D1-48FC-A121-D621CA6D8BFB}
    [2012/07/01 15:48:24 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{0B74427D-7262-445B-83E5-25DF43484814}
    [2012/07/01 15:48:12 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{004E4185-3A0D-4351-9C32-E6E341A2697B}
    [2012/07/01 14:57:33 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
    [2012/07/01 14:57:31 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\Paltalk
    [2012/07/01 14:57:29 | 000,000,000 | ---D | C] -- C:\Windows\Paltalk Messenger
    [2012/07/01 14:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paltalk Messenger
    [2012/07/01 14:56:10 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\OpenCandy
    [2012/07/01 14:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
    [2012/07/01 14:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
    [2012/07/01 14:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
    [2012/07/01 14:55:20 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\DVDVideoSoft
    [2012/06/30 20:19:36 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\OFX Presets
    [2012/06/30 17:15:17 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{8ACA30BE-D70B-482B-A44A-8F5E0B28D23D}
    [2012/06/30 17:15:05 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{87806DBA-938A-43DD-9BBE-21EE898978FB}
    [2012/06/29 21:37:52 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{CA82AF2B-9C37-4B22-8324-DBCCAC9645CD}
    [2012/06/29 21:37:41 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{68461492-C674-451C-BD7D-BC04D038B6C4}
    [2012/06/29 18:52:13 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{F170443B-3CED-4627-B4EC-9A33B583B832}
    [2012/06/29 18:52:01 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{62D8FDF5-BFC8-4771-8A6D-4F05281E36F1}
    [2012/06/29 18:50:40 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\trailer
    [2012/06/29 18:45:32 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\Euro Truck Sim Videos
    [2012/06/29 18:27:24 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\brushes
    [2012/06/29 11:28:23 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\img edit
    [2012/06/28 21:36:40 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{285DBC9F-3D5D-4996-B34A-FC5851D9ECDD}
    [2012/06/28 21:36:22 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{97A81B65-09C0-4AA2-BB00-B6EB8F73E023}
    [2012/06/28 21:36:04 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{DE913867-D4FC-4C7D-92F6-3D0E5433FC81}
    [2012/06/28 21:35:52 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{2F2D288D-400F-4A66-ABD8-791A35126EA3}
    [2012/06/28 21:35:31 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{841C0526-F7B7-47B7-8CD6-D39D2BBEAC3F}
    [2012/06/28 21:35:20 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{787C32E8-1A12-4C70-8033-044FEB4897FB}
    [2012/06/28 21:04:05 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\CokeZero Truck
    [2012/06/28 20:54:29 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\;kfhwuoiehfoiqhfuowehfiwdoufhqiofdioshfuohofijqoiufhqouifjoq
    [2012/06/28 20:32:12 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\truck
    [2012/06/28 17:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 WoS Extreme Trucker 2
    [2012/06/28 17:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\18 WoS Extreme Trucker 2
    [2012/06/28 17:35:53 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\18 WoS Extreme Trucker 2
    [2012/06/28 00:06:20 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\Bus Driver
    [2012/06/28 00:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus Driver
    [2012/06/28 00:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bus Driver
    [2012/06/26 22:35:22 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{AE504E55-626A-4A66-95E8-3E2B17936476}
    [2012/06/26 22:35:10 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{BA411AB5-1C8F-49CB-BA09-BABD0A5EA389}
    [2012/06/26 22:05:59 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\vehicle
    [2012/06/26 15:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
    [2012/06/26 15:52:11 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{2E0ADA97-1AF7-463D-938B-5FC897129762}
    [2012/06/26 15:51:48 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{A2514F1C-7C5B-4887-9F9E-E20191C3F2BD}
    [2012/06/26 09:24:33 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{2DA1A3FB-F9D7-4DE9-9E05-83A2BF551262}
    [2012/06/26 09:24:22 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{377AAE4B-67E1-44EE-B0D9-90B1BCD9A11B}
    [2012/06/25 21:52:25 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{0550D5FD-4413-4348-B51B-9D52D194B24B}
    [2012/06/25 21:52:13 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{AB85C986-847C-4593-A1DC-DC5E1D68888B}
    [2012/06/25 13:29:59 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{5A8B302C-91D6-40D1-B227-1C59383706C6}
    [2012/06/25 13:29:41 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{9F386A97-93D3-4D5C-8B49-A00DFAFDACBA}
    [2012/06/24 23:48:35 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{B09F9454-4A27-45C7-A7B9-EA96335A54E4}
    [2012/06/24 23:48:23 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{A4CDFE8C-7763-4B93-9089-D08B2ACA7CBE}
    [2012/06/24 13:50:35 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{EB89407F-D209-4B81-AABE-F8A9E5C39C86}
    [2012/06/24 13:50:25 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{F62533E9-86DE-4B73-B5C3-394F6D4FF19C}
    [2012/06/24 13:50:12 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{B5E6F3A9-84C4-4740-8C3C-A14436AAEFE2}
    [2012/06/24 13:50:00 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{ADEF3284-3215-47FD-9DE6-C8F12D30014B}
    [2012/06/22 20:25:39 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{6785C491-2B47-46B0-AF9D-032E87654117}
    [2012/06/22 20:25:27 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{92EF7E11-AB94-4415-9F2B-524C6621D450}
    [2012/06/22 20:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\NeO IRC 1.7
    [2012/06/22 10:46:25 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{DB48324A-34DE-445F-BFC4-887CF5D84BC3}
    [2012/06/22 10:46:05 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{2B2218A3-D528-4459-9CA6-307FF2A7409A}

    ========== Files - Modified Within 30 Days ==========

    [2012/07/21 22:03:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/21 22:03:08 | 1741,275,135 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/21 21:57:17 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/21 21:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/21 21:40:41 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/21 21:40:41 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/21 21:32:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/21 21:06:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/21 20:08:26 | 000,000,512 | ---- | M] () -- C:\Users\Nub\Documents\MBR.dat
    [2012/07/21 18:43:40 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
    [2012/07/21 18:43:20 | 001,666,808 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2012/07/19 19:18:28 | 355,892,192 | ---- | M] () -- C:\Users\Nub\Desktop\Open this.zip
    [2012/07/19 19:15:09 | 000,000,022 | ---- | M] () -- C:\Users\Nub\Desktop\New WinRAR ZIP archive (2).zip
    [2012/07/19 18:17:14 | 000,006,776 | ---- | M] () -- C:\Users\Nub\Desktop\austrian edition logo.bmp
    [2012/07/19 18:17:14 | 000,000,132 | ---- | M] () -- C:\Users\Nub\AppData\Roaming\Adobe BMP Format CS6 Prefs
    [2012/07/19 17:57:50 | 000,006,776 | ---- | M] () -- C:\Users\Nub\Desktop\cgqzfx8b.bmp
    [2012/07/19 17:45:56 | 358,310,691 | ---- | M] () -- C:\Users\Nub\Desktop\GTS_1.32_8.0 (2).scs
    [2012/07/19 17:45:40 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Smart Install Maker.lnk
    [2012/07/19 15:55:53 | 000,006,216 | ---- | M] () -- C:\Users\Nub\Desktop\Austrian edition.m2t.sfk
    [2012/07/19 15:55:45 | 000,136,030 | ---- | M] () -- C:\Users\Nub\Desktop\YouTube Logo.jpg
    [2012/07/19 15:45:30 | 717,645,444 | ---- | M] () -- C:\Users\Nub\Desktop\German Truck Simulator Austrian edition.m2t
    [2012/07/19 15:45:30 | 000,000,214 | ---- | M] () -- C:\Users\Nub\Desktop\German Truck Simulator Austrian edition.m2t.sfl
    [2012/07/19 15:31:48 | 009,754,568 | ---- | M] () -- C:\Users\Nub\Desktop\Austrian edition end.m2t
    [2012/07/19 15:31:48 | 000,000,206 | ---- | M] () -- C:\Users\Nub\Desktop\Austrian edition end.m2t.sfl
    [2012/07/19 13:36:54 | 010,564,472 | ---- | M] () -- C:\Users\Nub\Desktop\Austrian edition.m2t
    [2012/07/19 13:36:54 | 000,000,190 | ---- | M] () -- C:\Users\Nub\Desktop\Austrian edition.m2t.sfl
    [2012/07/19 13:33:13 | 000,026,749 | ---- | M] () -- C:\Users\Nub\Desktop\MMM.rar
    [2012/07/18 18:01:24 | 000,111,296 | ---- | M] () -- C:\Users\Nub\Desktop\sampvlog.veg
    [2012/07/18 17:15:33 | 000,154,368 | ---- | M] () -- C:\Users\Nub\Desktop\sampvlog.veg.bak
    [2012/07/17 18:06:09 | 1576,871,159 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/07/16 22:37:55 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/07/16 22:28:44 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\RegistryNuke 2012.lnk
    [2012/07/16 22:11:26 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nub\Desktop\TDSSKiller.exe
    [2012/07/15 22:36:34 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/15 22:36:34 | 000,001,117 | ---- | M] () -- C:\Users\Nub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Malware.lnk
    [2012/07/15 20:36:26 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
    [2012/07/15 18:19:03 | 087,155,672 | ---- | M] () -- C:\Users\Nub\Desktop\LIVE - KILLING NEO_RAMEN OBAMA! EXECLUSIVE.m2t
    [2012/07/15 18:19:03 | 000,000,216 | ---- | M] () -- C:\Users\Nub\Desktop\LIVE - KILLING NEO_RAMEN OBAMA! EXECLUSIVE.m2t.sfl
    [2012/07/15 16:55:43 | 000,160,488 | ---- | M] () -- C:\Users\Nub\Desktop\Must Persevere (Full version).mp3.sfk
    [2012/07/15 16:55:35 | 004,677,678 | ---- | M] () -- C:\Users\Nub\Desktop\Must Persevere (Full version).mp3
    [2012/07/15 16:41:32 | 000,296,544 | ---- | M] () -- C:\Users\Nub\Desktop\Untitled.mp3
    [2012/07/15 16:39:09 | 032,084,080 | ---- | M] () -- C:\Users\Nub\Desktop\Untitled.m2t
    [2012/07/15 16:39:09 | 000,000,190 | ---- | M] () -- C:\Users\Nub\Desktop\Untitled.m2t.sfl
    [2012/07/15 10:57:11 | 000,001,383 | ---- | M] () -- C:\Users\Nub\Desktop\German Truck Simulator.lnk
    [2012/07/15 10:54:08 | 000,001,379 | ---- | M] () -- C:\Users\Public\Desktop\German Truck Simulator.lnk
    [2012/07/15 00:12:18 | 169,472,222 | ---- | M] () -- C:\Users\Nub\Desktop\POLSKAOpen.zip
    [2012/07/15 00:10:56 | 171,498,097 | ---- | M] () -- C:\Users\Nub\Desktop\POLSKAOpen.scs
    [2012/07/15 00:08:52 | 000,000,020 | ---- | M] () -- C:\Users\Nub\Desktop\POLSKA.rar
    [2012/07/14 20:22:46 | 001,076,480 | R--- | M] () -- C:\Users\Nub\Desktop\Trial_Reset_3.3.rar
    [2012/07/14 16:16:12 | 678,168,446 | ---- | M] () -- C:\Users\Nub\Desktop\ETS_1.3_Mega-Mix-Map-5 (2).zip
    [2012/07/14 16:14:21 | 000,000,020 | ---- | M] () -- C:\Users\Nub\Desktop\New WinRAR archive.rar
    [2012/07/14 16:13:41 | 680,293,139 | ---- | M] () -- C:\Users\Nub\Desktop\ETS_1.3_Mega-Mix-Map-5 (2).scs
    [2012/07/14 16:04:55 | 000,000,022 | ---- | M] () -- C:\Users\Nub\Desktop\MMM1.zip
    [2012/07/13 13:10:22 | 000,090,838 | ---- | M] () -- C:\Users\Nub\Desktop\before and after to color.jpg
    [2012/07/13 12:06:10 | 1601,221,944 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator London Manchester Cheese.m2t
    [2012/07/13 12:06:09 | 000,000,220 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator London Manchester Cheese.m2t.sfl
    [2012/07/13 10:57:51 | 000,090,838 | ---- | M] () -- C:\Users\Nub\Desktop\before and after color.jpg
    [2012/07/13 10:55:37 | 000,369,216 | ---- | M] () -- C:\Users\Nub\Desktop\colored portrait 2.jpg
    [2012/07/12 18:08:04 | 000,892,433 | ---- | M] () -- C:\Users\Nub\Desktop\color fixed.jpg
    [2012/07/12 17:25:35 | 000,886,121 | ---- | M] () -- C:\Users\Nub\Desktop\colored portrait.jpg
    [2012/07/12 17:25:14 | 000,468,121 | ---- | M] () -- C:\Users\Nub\Desktop\restored guy.jpg
    [2012/07/12 11:54:36 | 000,112,059 | ---- | M] () -- C:\Users\Nub\Desktop\before and after portrait.jpg
    [2012/07/12 11:52:11 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 11.0 (64-bit).lnk
    [2012/07/12 11:43:51 | 000,686,055 | ---- | M] () -- C:\Users\Nub\Desktop\restored portrait 1.jpg
    [2012/07/12 11:07:38 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
    [2012/07/12 10:47:52 | 000,297,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/11 22:37:38 | 000,098,953 | ---- | M] () -- C:\Users\Nub\Desktop\slide0023_image204.jpg
    [2012/07/11 20:40:56 | 000,090,029 | ---- | M] () -- C:\Users\Nub\Desktop\before and after.jpg
    [2012/07/11 20:36:47 | 000,360,094 | ---- | M] () -- C:\Users\Nub\Desktop\restored portrait.jpg
    [2012/07/11 19:45:02 | 003,340,268 | ---- | M] () -- C:\Users\Nub\Desktop\Till Tomorrow Underscore.mp3
    [2012/07/11 15:35:39 | 000,126,573 | ---- | M] () -- C:\Users\Nub\Desktop\beforeman.jpg
    [2012/07/11 14:35:18 | 000,150,351 | ---- | M] () -- C:\Users\Nub\Desktop\Portrait restoration.jpg
    [2012/07/11 14:28:58 | 001,124,275 | ---- | M] () -- C:\Users\Nub\Desktop\before.png
    [2012/07/11 14:28:52 | 000,000,132 | ---- | M] () -- C:\Users\Nub\AppData\Roaming\Adobe PNG Format CS6 Prefs
    [2012/07/11 14:28:33 | 002,057,427 | ---- | M] () -- C:\Users\Nub\Desktop\after.png
    [2012/07/11 14:16:35 | 3955,478,264 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Berne London Yoghurt.m2t
    [2012/07/11 14:16:35 | 000,000,216 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Berne London Yoghurt.m2t.sfl
    [2012/07/11 12:44:11 | 000,060,589 | ---- | M] () -- C:\Users\Nub\Desktop\Portrait color.jpg
    [2012/07/11 12:42:50 | 000,020,500 | ---- | M] () -- C:\Users\Nub\Desktop\Portrait-French.jpg
    [2012/07/11 12:06:27 | 000,272,586 | ---- | M] () -- C:\Users\Nub\Desktop\retouch_project4_4_10+004.jpg
    [2012/07/11 12:06:21 | 000,721,276 | ---- | M] () -- C:\Users\Nub\Desktop\Family - restored.jpg
    [2012/07/10 22:01:24 | 000,078,365 | ---- | M] () -- C:\Users\Nub\Desktop\After.jpg
    [2012/07/10 22:01:06 | 000,070,151 | ---- | M] () -- C:\Users\Nub\Desktop\Before.jpg
    [2012/07/10 21:17:25 | 000,938,104 | ---- | M] () -- C:\Users\Nub\Desktop\Restored.jpg
    [2012/07/10 19:38:17 | 000,229,470 | ---- | M] () -- C:\Users\Nub\Desktop\CincinnatiMen.jpg
    [2012/07/10 17:06:15 | 001,324,916 | ---- | M] () -- C:\Users\Nub\Desktop\rocky beach after.jpg
    [2012/07/10 17:05:17 | 002,237,967 | ---- | M] () -- C:\Users\Nub\Desktop\colored.png
    [2012/07/10 17:05:17 | 000,981,264 | ---- | M] () -- C:\Users\Nub\Desktop\rocky beach before.jpg
    [2012/07/10 15:37:26 | 000,002,030 | ---- | M] () -- C:\Users\Nub\Desktop\mercedes_actros_interior_std.sii
    [2012/07/10 15:10:27 | 002,170,584 | ---- | M] () -- C:\Users\Nub\Desktop\Color.jpg
    [2012/07/10 14:22:42 | 000,350,455 | ---- | M] () -- C:\Users\Nub\Desktop\OldMotorCar.jpg
    [2012/07/10 13:57:42 | 000,417,171 | ---- | M] () -- C:\Users\Nub\Desktop\sar1.png
    [2012/07/10 13:57:31 | 001,954,670 | ---- | M] () -- C:\Users\Nub\Desktop\sar1.psd
    [2012/07/10 13:50:26 | 000,064,657 | ---- | M] () -- C:\Users\Nub\Desktop\sar6.jpg
    [2012/07/10 12:53:27 | 000,790,990 | ---- | M] () -- C:\Users\Nub\Desktop\do this later.psd
    [2012/07/10 12:51:31 | 000,244,919 | ---- | M] () -- C:\Users\Nub\Desktop\gang.png
    [2012/07/09 19:50:34 | 000,000,220 | ---- | M] () -- C:\Users\Nub\Desktop\FlatOut 2.url
    [2012/07/09 17:27:05 | 000,807,246 | ---- | M] () -- C:\Users\Nub\Desktop\BLUE CAT.jpg
    [2012/07/08 22:15:51 | 002,318,860 | ---- | M] () -- C:\Users\Nub\Desktop\Singapura Cat.psd
    [2012/07/08 18:10:44 | 000,160,627 | ---- | M] () -- C:\Users\Nub\Desktop\Singapura Cat.jpg
    [2012/07/08 18:09:12 | 000,000,112 | -H-- | M] () -- C:\39BD22373E07
    [2012/07/08 18:09:12 | 000,000,040 | -H-- | M] () -- C:\BDAB4FE99C75
    [2012/07/08 17:32:56 | 000,878,095 | ---- | M] () -- C:\Users\Nub\Desktop\142853951AP125_The_Raven_Ne.jpg
    [2012/07/08 17:29:07 | 001,019,697 | ---- | M] () -- C:\Users\Nub\Desktop\President_Official_Portrait_HiRes.jpg
    [2012/07/08 15:15:37 | 2165,417,276 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Barcelona Lyon Apples.m2t
    [2012/07/08 15:15:37 | 000,000,218 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Barcelona Lyon Apples.m2t.sfl
    [2012/07/06 20:35:07 | 001,572,918 | ---- | M] () -- C:\Users\Nub\Desktop\euroacres.bmp
    [2012/07/06 18:19:27 | 2719,026,516 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Bordeaux Barcelona Tommatoes.m2t
    [2012/07/06 18:19:27 | 000,000,224 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Bordeaux Barcelona Tommatoes.m2t.sfl
    [2012/07/06 18:02:23 | 000,000,198 | ---- | M] () -- C:\Users\Nub\Desktop\First person driving mod.m2t.sfl
    [2012/07/06 10:55:32 | 000,013,230 | ---- | M] () -- C:\Users\Nub\Desktop\Shady.PNG
    [2012/07/06 10:55:15 | 000,012,726 | ---- | M] () -- C:\Users\Nub\Desktop\Scar.PNG
    [2012/07/05 20:54:06 | 000,000,022 | ---- | M] () -- C:\Users\Nub\Desktop\New WinRAR ZIP archive.zip
    [2012/07/05 18:46:34 | 000,172,098 | ---- | M] () -- C:\torrent.exe
    [2012/07/05 17:54:48 | 001,043,253 | ---- | M] () -- C:\Users\Nub\Desktop\Done.png
    [2012/07/05 17:54:43 | 000,000,132 | ---- | M] () -- C:\Users\Nub\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/07/05 17:54:39 | 004,191,177 | ---- | M] () -- C:\Users\Nub\Desktop\Done.psd
    [2012/07/05 17:11:27 | 003,970,129 | ---- | M] () -- C:\Users\Nub\Desktop\ALmost done.psd
    [2012/07/05 14:47:13 | 000,453,502 | ---- | M] () -- C:\Users\Nub\Desktop\EFOQKC.psd
    [2012/07/04 22:04:21 | 000,039,654 | ---- | M] () -- C:\Users\Nub\Desktop\truck up2.png
    [2012/07/04 22:02:42 | 000,037,145 | ---- | M] () -- C:\Users\Nub\Desktop\truck up1.png
    [2012/07/04 21:33:09 | 001,572,918 | ---- | M] () -- C:\Users\Nub\Desktop\eurogoodies.bmp
    [2012/07/04 19:14:30 | 000,699,216 | ---- | M] () -- C:\Users\Nub\Desktop\euroacres.dds
    [2012/07/04 19:14:13 | 000,257,769 | ---- | M] () -- C:\Users\Nub\Desktop\euroacres.png
    [2012/07/04 15:14:20 | 000,137,822 | ---- | M] () -- C:\Users\Nub\Desktop\agbacon acres trailer mod.scs
    [2012/07/04 15:08:09 | 000,013,539 | ---- | M] () -- C:\Users\Nub\Desktop\road-splits-sign-hi.png
    [2012/07/04 14:58:46 | 000,012,218 | ---- | M] () -- C:\Users\Nub\Desktop\greentractor.jpg
    [2012/07/04 14:39:20 | 000,027,596 | ---- | M] () -- C:\Users\Nub\Desktop\star.jpg
    [2012/07/03 15:43:32 | 491,792,447 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Lyon Vienna Acid.m2t
    [2012/07/03 15:43:31 | 000,000,212 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Lyon Vienna Acid.m2t.sfl
    [2012/07/03 15:14:08 | 000,006,168 | ---- | M] () -- C:\Users\Nub\Desktop\Trucking with AgentBacon Intro .m2t.sfk
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/03 13:35:40 | 000,008,933 | ---- | M] () -- C:\Users\Nub\Desktop\ping.PNG
    [2012/07/02 22:40:49 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Enemy Territory - QUAKE Wars(TM).lnk
    [2012/07/02 22:40:43 | 000,000,328 | ---- | M] () -- C:\Windows\game.ini
    [2012/07/02 20:20:07 | 010,448,664 | ---- | M] () -- C:\Users\Nub\Desktop\Trucking with AgentBacon Intro .m2t
    [2012/07/02 20:20:07 | 000,000,204 | ---- | M] () -- C:\Users\Nub\Desktop\Trucking with AgentBacon Intro .m2t.sfl
    [2012/07/02 20:10:23 | 000,033,005 | ---- | M] () -- C:\Users\Nub\Desktop\twab.png
    [2012/07/02 19:53:40 | 000,071,959 | ---- | M] () -- C:\Users\Nub\Desktop\truckjpd.jpg
    [2012/07/02 19:36:14 | 000,036,264 | ---- | M] () -- C:\Users\Nub\Desktop\truck up.png
    [2012/07/02 19:30:52 | 000,035,752 | ---- | M] () -- C:\Users\Nub\Desktop\1254446789518345489tow-truck.svg.hi.png
    [2012/07/02 19:27:56 | 000,046,005 | ---- | M] () -- C:\Users\Nub\Desktop\clipart_transport_552.jpg
    [2012/07/02 12:38:30 | 000,000,740 | ---- | M] () -- C:\Users\Public\Desktop\iLivid.lnk
     

