TechSpot

Replicating virus help

By melissadotcom
Oct 7, 2012
  1. I had randomly checked my OS on the 5th and saw that I had a folder named exactly this: "3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ". I opened it up to see a bunch of Zzzz folders and some zipped ones as well. I deleted them and watched as it produced more. I had used CCleaner around the time. Just to be safe, I want to make sure there is nothing on my computer. I have used ESET online scanner and it picked up 11 threats that I removed. I haven't seen any more ZZZ folders, but I do keep getting randomly empty and locked folders in my OS as well as 4 removable disk drives that I didn't put there, and I do not have a program that I know of that would produce those. I did the preliminary removal instructions and I will post those next.
     
  2. melissadotcom

    melissadotcom TS Rookie Topic Starter Posts: 18

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.07.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Melissa :: TASTEYCAKES-HP [administrator]

    10/7/2012 12:33:08 PM
    mbam-log-2012-10-07 (12-33-08).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 243952
    Time elapsed: 3 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  3. melissadotcom


    GMER did not produce a log.


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by Melissa at 13:03:21 on 2012-10-07
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1931 [GMT -4:00]
    .
    AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
    C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
    C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Secunia\PSI\sua.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\notepad.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
    mURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    TB: {CD90BF73-20F6-44EF-993D-BB920303BD2E} - No File
    TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{523CBA15-2B94-425B-9B4D-57993E00C0E0} : DhcpNameServer = 7.254.254.254
    TCP: Interfaces\{8D03BF52-2AC9-47E3-A112-495293878872} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{8D03BF52-2AC9-47E3-A112-495293878872}\D456F677 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{B3278EA2-419B-460B-A287-5524BD0EBC95} : DhcpNameServer = 75.75.75.75 75.75.76.76
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB-X64: {CD90BF73-20F6-44EF-993D-BB920303BD2E} - No File
    TB-X64: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
    mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\gid5nsgr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
    FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
    FF - plugin: C:\Users\Melissa\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-10-4 8704]
    R?2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
    R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
    R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
    R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
    R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
    R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-7 55056]
    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-7 61712]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
    R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
    R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-6 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-3 676936]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-15 1258856]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-1-3 1119768]
    R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-9-24 1328736]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-9-24 656480]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250288]
    S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-9-20 131912]
    S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-12-19 21712]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-21 114144]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-8-18 738152]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
    S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    .
    =============== Created Last 30 ================
    .
    2012-10-07 07:00:29 -------- d-----w- C:\1153cc263f688a0653c5
    2012-10-07 06:21:47 -------- d-----w- C:\e7799947958651ca0a0f4baa56fc2c5d
    2012-10-07 06:19:57 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{44650D84-5D01-4E3A-939A-5D04455FDBD1}\offreg.dll
    2012-10-07 06:09:22 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{44650D84-5D01-4E3A-939A-5D04455FDBD1}\mpengine.dll
    2012-10-07 03:45:27 -------- d-----w- C:\temp
    2012-10-07 03:02:02 -------- d-----w- C:\Users\Melissa\AppData\Roaming\ESET
    2012-10-07 03:02:02 -------- d-----w- C:\Users\Melissa\AppData\Local\ESET
    2012-10-07 02:59:58 -------- d-----w- C:\Program Files\ESET
    2012-10-06 16:38:44 -------- d-----w- C:\Program Files (x86)\ESET
    2012-10-06 12:39:24 -------- d-----w- C:\Users\Melissa\AppData\Local\Secunia PSI
    2012-10-06 12:36:59 -------- d-----w- C:\Program Files (x86)\Secunia
    2012-10-05 18:01:54 98816 ----a-w- C:\Windows\sed.exe
    2012-10-05 18:01:54 518144 ----a-w- C:\Windows\SWREG.exe
    2012-10-05 18:01:54 256000 ----a-w- C:\Windows\PEV.exe
    2012-10-05 18:01:54 208896 ----a-w- C:\Windows\MBR.exe
    2012-10-05 11:06:32 -------- d-----w- C:\Users\Melissa\AppData\Local\{8D2FCF44-AAEE-4203-AE40-FB1FA91A555C}
    2012-10-05 01:00:36 -------- d-----w- C:\Users\Melissa\AppData\Local\red 5 studios
    2012-10-05 00:19:58 -------- d-----w- C:\Program Files (x86)\Xiph.Org
    2012-10-05 00:19:09 -------- d-----w- C:\Program Files (x86)\Red 5 Studios
    2012-10-04 23:05:14 -------- d-----w- C:\Users\Melissa\AppData\Local\Windows Live
    2012-10-04 23:04:39 -------- d-----w- C:\Users\Melissa\AppData\Local\{9CCBFB02-A252-4606-BFCB-388D7D9B3FB6}
    2012-10-04 23:04:39 -------- d-----w- C:\Users\Melissa\AppData\Local\{9C135C57-E88F-45E3-A239-82AA7B2BD7DA}
    2012-10-04 16:31:07 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
    2012-10-04 16:24:31 -------- d-----w- C:\Users\Melissa\AppData\Local\Demo2
    2012-10-04 16:24:17 -------- d-----w- C:\Users\Melissa\AppData\Local\GameMaker_Player
    2012-10-04 15:21:03 -------- d-----w- C:\Users\Melissa\AppData\Local\gamemaker_studio
    2012-10-04 15:21:02 -------- d-----w- C:\ProgramData\gamemaker_studio
    2012-10-04 06:41:08 -------- d-----w- C:\ProgramData\Hi-Rez Studios
    2012-10-04 06:40:50 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios
    2012-09-25 23:45:01 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-09-24 14:40:54 -------- d-----w- C:\ProgramData\boost_interprocess
    2012-09-21 16:49:38 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2012-09-21 15:05:53 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
    2012-09-21 14:56:19 -------- d-----w- C:\ProgramData\EA Logs
    2012-09-21 04:22:12 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
    2012-09-21 01:21:22 -------- d-----w- C:\Users\Melissa\AppData\Roaming\Origin
    2012-09-21 01:21:22 -------- d-----w- C:\Program Files (x86)\Origin Games
    2012-09-21 01:21:16 -------- d-----w- C:\Users\Melissa\AppData\Local\Origin
    2012-09-21 01:19:27 -------- d-----w- C:\ProgramData\Origin
    2012-09-21 01:19:14 -------- d-----w- C:\Program Files (x86)\Origin
    2012-09-20 21:42:32 -------- d-----w- C:\Users\Melissa\AppData\Local\Desura
    2012-09-20 21:41:28 -------- d-----w- C:\Program Files (x86)\Common Files\Desura
    2012-09-20 21:36:40 -------- d-----w- C:\ProgramData\Desura
    2012-09-20 21:36:36 -------- d-----w- C:\Program Files (x86)\Desura
    2012-09-20 01:51:14 -------- d-----w- C:\hidden
    2012-09-15 18:04:17 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-09-15 18:03:31 -------- d-----w- C:\Program Files\iPod
    2012-09-15 18:03:30 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-15 18:03:30 -------- d-----w- C:\Program Files\iTunes
    2012-09-15 17:58:30 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-09-15 17:58:30 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-09-15 17:58:30 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-09-15 17:58:30 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-09-15 17:58:30 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-09-15 17:58:30 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-09-15 17:58:30 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-09-12 12:45:46 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-09-12 12:45:46 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-12 12:45:44 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-09-12 12:45:44 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 12:45:42 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-09-12 12:45:41 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-12 12:45:41 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-09 03:43:54 -------- d-----w- C:\Users\Melissa\AppData\Roaming\.minecraft
    2012-09-09 03:41:08 -------- d-----w- C:\Program Files (x86)\Minecraft
    2012-09-09 03:22:28 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-09 03:14:22 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2012-09-09 01:07:50 -------- d-----w- C:\Program Files\Nightly
    .
    ==================== Find3M ====================
    .
    2012-09-25 23:52:47 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-09-25 23:52:47 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-09-25 23:52:16 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-09-22 02:50:56 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-09-21 08:06:52 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-21 08:06:52 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-09 03:22:14 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-09 03:22:14 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-09-09 03:14:13 916456 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-09-09 03:14:13 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-30 19:14:00 9066344 ----a-w- C:\Windows\System32\nvcuda.dll
    2012-08-30 16:18:05 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-08-30 16:18:05 63336 ----a-w- C:\Windows\System32\nvshext.dll
    2012-08-30 16:18:05 118120 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-08-30 16:18:01 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-08-30 16:17:59 6198120 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-08-30 14:40:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 13:04:06.55 ===============
     
  4. melissadotcom


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/27/2011 2:32:04 AM
    System Uptime: 10/6/2012 11:19:27 PM (14 hours ago)
    .
    Motherboard: FOXCONN | | 2AB1
    Processor: AMD Athlon(tm) II X4 640 Processor | CPU 1 | 3000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 919 GiB total, 442.746 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.586 GiB free.
    E: is CDROM (UDF)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0001
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0001
    Service: hamachi
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe FE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_2AB1103C&REV_05\4&C011167&0&0050
    Manufacturer: Realtek
    Name: Realtek PCIe FE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_2AB1103C&REV_05\4&C011167&0&0050
    Service: RTL8167
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: 802.11n Wireless LAN Card
    Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_663211AD&REV_00\4&125A0B80&0&0028
    Manufacturer: Ralink Technology, Corp.
    Name: 802.11n Wireless LAN Card
    PNP Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_663211AD&REV_00\4&125A0B80&0&0028
    Service: netr28x
    .
    ==== System Restore Points ===================
    .
    RP470: 10/6/2012 8:45:43 AM - Installed MSXML 4.0 SP3 Parser
    RP471: 10/6/2012 8:46:43 AM - Windows Update
    RP472: 10/6/2012 8:50:29 AM - Windows Update
    RP473: 10/6/2012 8:52:09 AM - Windows Update
    RP474: 10/6/2012 9:27:14 AM - Windows Update
    RP475: 10/6/2012 12:24:07 PM - Windows Update
    RP476: 10/6/2012 4:04:31 PM - Windows Update
    RP477: 10/7/2012 2:21:22 AM - Windows Update
    RP478: 10/7/2012 3:00:10 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    µTorrent
    AC3Filter 1.63b
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Shockwave Player 11.6
    Agatha Christie - Peril at End House
    Age of Chivalry
    Ahriman's Prophecy
    Amazon Kindle
    APB Reloaded
    Apple Application Support
    Apple Software Update
    ARMA 2
    ARMA 2: Operation Arrowhead
    Ask Toolbar
    Atlantica
    Auralux
    Battlefield 3™
    Battlefield Heroes
    Battlelog Web Plugins
    BattlEye for OA Uninstall
    Bejeweled 2 Deluxe
    Best Buy pc app
    Blackhawk Striker 2
    Blasterball 3
    Blio
    Bloody Good Time
    Borderlands
    Botanicula
    Bounce Symphony
    Build-a-lot 2
    Caesar™ III
    Cake Mania
    Castle Crashers
    Catalyst Control Center InstallProxy
    Chuzzle Deluxe
    ConvertHelper 2.2
    Cool Timer 3.7
    Counter-Strike
    Counter-Strike: Global Offensive
    Counter-Strike: Global Offensive - SDK
    CyberLink DVD Suite Deluxe
    D3DX10
    Dead Island
    Desura
    Diner Dash 2 Restaurant Rescue
    Dora's World Adventure
    DVD Menu Pack for HP MediaSmart Video
    Escape Rosecliff Island
    ESET Online Scanner v3
    ESN Sonar
    F.E.A.R. 3
    Fallout: New Vegas
    Farm Frenzy
    FATE
    Final Drive Nitro
    FlipShare
    Fraps (remove only)
    GamersFirst LIVE!
    GameSpy Comrade
    Garry's Mod
    Garry's Mod 13 Beta
    GECK - New Vegas Edition
    GOM Player
    Gotham City Impostors: Free To Play
    GoToMyPC
    Guild Wars 2
    Half-Life 2
    Half-Life 2: Lost Coast
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.1.2.0
    Hi-Rez Studios Authenticate and Update Service
    HiJackThis
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart Video
    HP MediaSmart/TouchSmart Netflix
    HP MovieStore
    HP Odometer
    HP Product Detection
    HP Setup
    HP Setup Manager
    HP Support Assistant
    HP Support Information
    HP Update
    Hulu Desktop
    Impulse®
    Insanely Twisted Shadow Planet
    Java 7 Update 7
    Java Auto Updater
    Jewel Quest Solitaire 2
    Junk Mail filter update
    Katawa Shoujo
    Killing Floor
    Kobo
    LabelPrint
    Left 4 Dead 2
    Lightfish
    LightScribe System Software
    LogMeIn Hamachi
    Lucidity
    Malwarebytes Anti-Malware version 1.65.0.1400
    Metro 2033
    Microsoft .NET Framework 1.1
    Microsoft Chart Controls for Microsoft .NET Framework 3.5
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    Movie Theme Pack for HP MediaSmart Video
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MPEG2 Codec(libmpeg2/mad)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    Mystery P.I. - The London Caper
    NVIDIA PhysX
    NVIDIA PhysX Particle Fluid Demo
    NVIDIA Stereoscopic 3D Driver
    OpenAL
    OpenOffice.org 3.4.1
    Origin
    Pando Media Booster
    PAYDAY: The Heist
    PDF Complete Special Edition
    Penguins!
    PhotoNow!
    Pirates, Vikings, & Knights II
    Plants vs. Zombies
    Plants vs. Zombies: Game of the Year
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Portal
    Power2Go
    PowerDirector
    PressReader
    Project64 1.6
    PunkBuster Services
    QuickTime
    Ralink RT2860 Wireless LAN Card
    Rapport
    Realtek High Definition Audio Driver
    Recovery Manager
    Samsung PC Studio 3 USB Driver Installer
    Secunia PSI (3.0.0.4001)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    SimCity™ Societies
    Singularity
    Solar 2
    Source SDK Base 2006
    SPORE™
    Star Wars: The Old Republic
    Steam
    Stranded II 1.0.0.1
    swMSM
    System Requirements Lab CYRI
    Team Fortress 2
    TeamSpeak 3 Client
    Terraria
    The Ship
    The Ship Single Player
    The Sims Medieval
    The Sims™ 3
    The Sims™ 3 Generations
    The Sims™ 3 Late Night
    The Sims™ 3 Pets
    The Sims™ 3 World Adventures
    Torchlight
    Torchlight II
    Tribes: Ascend
    Tunngle beta
    Ubisoft Game Launcher
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update Installer for WildTangent Games App
    uTorrentBar Toolbar
    uTorrentControl2 Toolbar
    Veoh Giraffic Video Accelerator
    Veoh Web Player Toolbar
    Virtual Families
    Virtual Villagers - New Believers Just For Fun Games
    Virtual Villagers 4 - The Tree of Life
    VoiceOver Kit
    Wheel of Fortune 2
    WildTangent Games App (HP Games)
    Winamp
    Winamp Detector Plug-in
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Xfire (remove only)
    Xiph.Org Open Codecs 0.85.17777
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/7/2012 3:02:11 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Chart Controls for Microsoft .NET Framework 3.5 Service Pack 1 (KB2500170).
    10/6/2012 9:44:08 AM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
    10/6/2012 11:24:27 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/6/2012 11:24:27 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    10/6/2012 11:22:24 PM, Error: Service Control Manager [7022] - The Client Virtualization Handler service hung on starting.
    10/6/2012 11:00:38 PM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    10/5/2012 9:22:19 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
    10/5/2012 3:02:48 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    10/5/2012 3:01:51 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    10/4/2012 11:14:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    10/4/2012 11:14:36 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  5. melissadotcom

    melissadotcom TS Rookie Topic Starter Posts: 18

    I just saw that my Windows Defender was up. I can redo the scan if needed.
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.

    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to reconnect your machine to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  7. melissadotcom

    melissadotcom TS Rookie Topic Starter Posts: 18

    ComboFix 12-10-04.02 - Melissa 10/07/2012 14:36:29.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1794 [GMT -4:00]
    Running from: c:\users\Melissa\Downloads\ComboFix.exe
    AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\SET7086.tmp
    c:\windows\SysWow64\SET9F8B.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-07 to 2012-10-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-07 18:47 . 2012-10-07 18:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-10-07 18:47 . 2012-10-07 18:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-10-07 18:47 . 2012-10-07 18:47 -------- d-----w- c:\users\Mcx1-TASTEYCAKES-HP\AppData\Local\temp
    2012-10-07 18:47 . 2012-10-07 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-07 07:00 . 2012-10-07 07:01 -------- d-----w- C:\1153cc263f688a0653c5
    2012-10-07 06:21 . 2012-10-07 06:23 -------- d-----w- C:\e7799947958651ca0a0f4baa56fc2c5d
    2012-10-07 06:19 . 2012-10-07 06:19 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44650D84-5D01-4E3A-939A-5D04455FDBD1}\offreg.dll
    2012-10-07 06:09 . 2012-09-19 04:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44650D84-5D01-4E3A-939A-5D04455FDBD1}\mpengine.dll
    2012-10-07 03:45 . 2012-10-07 03:45 -------- d-----w- C:\temp
    2012-10-07 03:44 . 2012-10-07 03:45 -------- d-----w- c:\windows\LastGood
    2012-10-07 03:02 . 2012-10-07 03:02 -------- d-----w- c:\users\Melissa\AppData\Local\ESET
    2012-10-07 02:59 . 2012-10-07 02:59 -------- d-----w- c:\program files\ESET
    2012-10-06 16:38 . 2012-10-06 16:38 -------- d-----w- c:\program files (x86)\ESET
    2012-10-06 12:39 . 2012-10-06 12:39 -------- d-----w- c:\users\Melissa\AppData\Local\Secunia PSI
    2012-10-06 12:36 . 2012-10-06 12:36 -------- d-----w- c:\program files (x86)\Secunia
    2012-10-05 01:00 . 2012-10-05 01:00 -------- d-----w- c:\users\Melissa\AppData\Local\red 5 studios
    2012-10-05 00:19 . 2012-10-05 00:19 -------- d-----w- c:\program files (x86)\Xiph.Org
    2012-10-05 00:19 . 2012-10-05 00:19 -------- d-----w- c:\program files (x86)\Red 5 Studios
    2012-10-04 23:05 . 2012-10-05 17:20 -------- d-----w- c:\users\Melissa\AppData\Local\Windows Live
    2012-10-04 16:31 . 2012-10-04 16:31 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
    2012-10-04 16:24 . 2012-10-04 16:24 -------- d-----w- c:\users\Melissa\AppData\Local\Demo2
    2012-10-04 16:24 . 2012-10-04 16:24 -------- d-----w- c:\users\Melissa\AppData\Local\GameMaker_Player
    2012-10-04 15:21 . 2012-10-04 15:21 -------- d-----w- c:\users\Melissa\AppData\Local\gamemaker_studio
    2012-10-04 15:21 . 2012-10-04 15:21 -------- d-----w- c:\programdata\gamemaker_studio
    2012-10-04 06:41 . 2012-10-04 16:53 -------- d-----w- c:\programdata\Hi-Rez Studios
    2012-10-04 06:40 . 2012-10-04 06:41 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
    2012-09-25 23:45 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-09-24 14:40 . 2012-09-24 14:40 -------- d-----w- c:\programdata\boost_interprocess
    2012-09-21 16:49 . 2012-09-21 16:49 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-09-21 15:05 . 2012-09-21 15:05 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
    2012-09-21 14:56 . 2012-09-21 16:52 -------- d-----w- c:\programdata\EA Logs
    2012-09-21 04:22 . 2012-09-21 04:22 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
    2012-09-21 01:21 . 2012-09-21 01:27 -------- d-----w- c:\program files (x86)\Origin Games
    2012-09-21 01:21 . 2012-09-21 01:22 -------- d-----w- c:\users\Melissa\AppData\Roaming\Origin
    2012-09-21 01:21 . 2012-09-21 14:56 -------- d-----w- c:\users\Melissa\AppData\Local\Origin
    2012-09-21 01:19 . 2012-09-21 01:25 -------- d-----w- c:\programdata\Origin
    2012-09-21 01:19 . 2012-09-21 01:21 -------- d-----w- c:\program files (x86)\Origin
    2012-09-20 21:42 . 2012-09-20 21:42 -------- d-----w- c:\users\Melissa\AppData\Local\Desura
    2012-09-20 21:41 . 2012-09-20 21:41 -------- d-----w- c:\program files (x86)\Common Files\Desura
    2012-09-20 21:36 . 2012-09-20 21:36 -------- d-----w- c:\programdata\Desura
    2012-09-20 21:36 . 2012-09-20 21:42 -------- d-----w- c:\program files (x86)\Desura
    2012-09-20 01:51 . 2007-09-07 22:20 -------- d-----w- C:\hidden
    2012-09-15 18:04 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-15 18:03 . 2012-09-15 18:03 -------- d-----w- c:\program files\iPod
    2012-09-15 18:03 . 2012-09-15 18:04 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-15 18:03 . 2012-09-15 18:04 -------- d-----w- c:\program files\iTunes
    2012-09-15 17:58 . 2012-09-15 17:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-09-15 17:58 . 2012-09-15 17:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-09-15 17:58 . 2012-09-15 17:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-09-15 17:58 . 2012-09-15 17:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-09-15 17:58 . 2012-09-15 17:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-09-15 17:58 . 2012-09-15 17:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-09-15 17:58 . 2012-09-15 17:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-09-12 12:45 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-12 12:45 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-12 12:45 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-12 12:45 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-09-12 12:45 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-12 12:45 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-12 12:45 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-09 03:43 . 2012-09-30 04:09 -------- d-----w- c:\users\Melissa\AppData\Roaming\.minecraft
    2012-09-09 03:41 . 2012-09-09 03:47 -------- d-----w- c:\program files (x86)\Minecraft
    2012-09-09 03:22 . 2012-09-09 03:22 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-09-09 03:22 . 2012-09-09 03:22 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-09 03:14 . 2012-09-09 03:14 289768 ----a-w- c:\windows\system32\javaws.exe
    2012-09-09 03:14 . 2012-09-09 03:14 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-09-09 03:14 . 2012-09-09 03:14 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-09-09 03:14 . 2012-09-09 03:14 188904 ----a-w- c:\windows\system32\java.exe
    2012-09-09 03:14 . 2012-09-09 03:14 -------- d-----w- c:\program files\Java
    2012-09-09 01:07 . 2012-09-22 02:04 -------- d-----w- c:\program files\Nightly
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-25 23:52 . 2011-06-14 05:53 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-09-25 23:52 . 2011-05-15 03:39 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-09-25 23:52 . 2011-05-15 03:39 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-09-22 02:50 . 2011-05-15 03:39 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-09-21 08:06 . 2012-04-12 12:46 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-21 08:06 . 2011-06-03 04:59 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-13 06:17 . 2011-02-28 10:40 64462936 ----a-w- c:\windows\system32\MRT.exe
    2012-09-09 03:22 . 2012-06-15 17:52 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-09-09 03:22 . 2011-02-28 10:02 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-09 03:14 . 2012-08-24 16:46 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-09-09 03:14 . 2012-08-24 16:46 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-09-07 21:04 . 2012-08-04 02:45 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-06 01:57 . 2012-09-06 01:57 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-09-06 01:57 . 2012-09-06 01:57 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-09-06 01:57 . 2012-09-06 01:57 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-09-06 01:57 . 2012-09-06 01:57 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-09-06 01:57 . 2012-09-06 01:57 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-09-06 01:57 . 2012-09-06 01:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-09-06 01:57 . 2012-09-06 01:57 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-09-06 01:57 . 2012-09-06 01:57 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-09-06 01:57 . 2012-09-06 01:57 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-09-06 01:57 . 2012-09-06 01:57 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-09-06 01:57 . 2012-09-06 01:57 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-09-06 01:57 . 2012-09-06 01:57 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-09-06 01:57 . 2012-09-06 01:57 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-09-06 01:57 . 2012-09-06 01:57 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-09-06 01:57 . 2012-09-06 01:57 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-09-06 01:57 . 2012-09-06 01:57 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-09-06 01:57 . 2012-09-06 01:57 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-09-06 01:57 . 2012-09-06 01:57 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-09-06 01:57 . 2012-09-06 01:57 65024 ----a-w- c:\windows\system32\pngfilt.dll
    2012-09-06 01:57 . 2012-09-06 01:57 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
    2012-09-06 01:57 . 2012-09-06 01:57 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-09-06 01:57 . 2012-09-06 01:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-09-06 01:57 . 2012-09-06 01:57 267776 ----a-w- c:\windows\system32\ieaksie.dll
    2012-09-06 01:57 . 2012-09-06 01:57 197120 ----a-w- c:\windows\system32\msrating.dll
    2012-09-06 01:57 . 2012-09-06 01:57 163840 ----a-w- c:\windows\system32\ieakui.dll
    2012-09-06 01:57 . 2012-09-06 01:57 160256 ----a-w- c:\windows\system32\ieakeng.dll
    2012-09-06 01:57 . 2012-09-06 01:57 149504 ----a-w- c:\windows\system32\occache.dll
    2012-09-06 01:57 . 2012-09-06 01:57 145920 ----a-w- c:\windows\system32\iepeers.dll
    2012-09-06 01:57 . 2012-09-06 01:57 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-09-06 01:57 . 2012-09-06 01:57 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-09-06 01:57 . 2012-09-06 01:57 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-09-06 01:57 . 2012-09-06 01:57 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-09-06 01:57 . 2012-09-06 01:57 10752 ----a-w- c:\windows\system32\msfeedssync.exe
    2012-09-06 01:57 . 2012-09-06 01:57 89088 ----a-w- c:\windows\system32\ie4uinit.exe
    2012-09-06 01:57 . 2012-09-06 01:57 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-09-06 01:57 . 2012-09-06 01:57 82432 ----a-w- c:\windows\system32\icardie.dll
    2012-09-06 01:57 . 2012-09-06 01:57 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-09-06 01:57 . 2012-09-06 01:57 534528 ----a-w- c:\windows\system32\ieapfltr.dll
    2012-09-06 01:57 . 2012-09-06 01:57 452608 ----a-w- c:\windows\system32\dxtmsft.dll
    2012-09-06 01:57 . 2012-09-06 01:57 448512 ----a-w- c:\windows\system32\html.iec
    2012-09-06 01:57 . 2012-09-06 01:57 403248 ----a-w- c:\windows\system32\iedkcs32.dll
    2012-09-06 01:57 . 2012-09-06 01:57 39936 ----a-w- c:\windows\system32\iernonce.dll
    2012-09-06 01:57 . 2012-09-06 01:57 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
    2012-09-06 01:57 . 2012-09-06 01:57 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-09-06 01:57 . 2012-09-06 01:57 282112 ----a-w- c:\windows\system32\dxtrans.dll
    2012-09-06 01:57 . 2012-09-06 01:57 249344 ----a-w- c:\windows\system32\webcheck.dll
    2012-09-06 01:57 . 2012-09-06 01:57 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-09-06 01:57 . 2012-09-06 01:57 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-09-06 01:57 . 2012-09-06 01:57 103936 ----a-w- c:\windows\system32\inseng.dll
    2012-08-30 19:14 . 2011-10-29 02:55 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-08-30 19:14 . 2011-10-29 02:55 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-08-30 19:14 . 2010-07-10 13:38 2725224 ----a-w- c:\windows\system32\nvapi64.dll
    2012-08-30 19:14 . 2010-07-10 13:38 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-08-30 19:14 . 2009-07-13 21:59 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-08-30 16:18 . 2010-07-10 00:27 891240 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-08-30 16:18 . 2010-07-10 00:27 63336 ----a-w- c:\windows\system32\nvshext.dll
    2012-08-30 16:18 . 2010-07-10 00:27 118120 ----a-w- c:\windows\system32\nvmctray.dll
    2012-08-30 16:18 . 2010-07-10 00:27 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-08-30 16:17 . 2010-07-10 00:27 6198120 ----a-w- c:\windows\system32\nvcpl.dll
    2012-08-30 14:40 . 2012-08-30 14:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-08-21 17:01 . 2011-02-28 10:16 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 17:01 . 2011-02-28 10:16 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-07-18 18:15 . 2012-08-14 20:06 3148800 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-01-21 213816]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-29 3077528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-8-15 2589808]
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-9-24 573536]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2012-1-24 16032]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    2;2 cvhsvc;Client Virtualization Handler [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-11 6790656]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-11 221184]
    R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-09-20 131912]
    R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2011-12-19 21712]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-07-22 1002848]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-07-19 738152]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-28 1255736]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
    R3 X6va005;X6va005;c:\users\Melissa\AppData\Local\Temp\005742C.tmp [x]
    R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
    S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2011-11-08 63760]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
    S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
    S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-08 55056]
    S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-08 61712]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
    S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
    S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
    S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-08 931640]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-09-24 1328736]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-09-24 656480]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 08:06]
    .
    2012-09-09 c:\windows\Tasks\HPCeeScheduleForMelissa.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    2012-09-25 c:\windows\Tasks\HPCeeScheduleForTASTEYCAKES-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\gid5nsgr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
    WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Melissa\AppData\Local\Temp\005742C.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-631818756-1652327538-4216934692-1000\Software\SecuROM\License information*]
    "datasecu"=hex:0f,23,db,04,f9,fc,2c,96,3f,ae,f6,63,a5,43,15,71,60,02,fc,3b,b8,
    aa,c4,99,50,f2,ba,60,15,7f,1f,f3,1f,53,46,ca,5b,10,14,66,cb,f1,56,2c,b8,69,\
    "rkeysecu"=hex:df,80,1b,41,9e,10,4b,52,c7,c1,f5,5e,c2,ad,db,f1
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-07 14:50:16
    ComboFix-quarantined-files.txt 2012-10-07 18:50
    ComboFix2.txt 2012-10-05 19:05
    .
    Pre-Run: 475,080,794,112 bytes free
    Post-Run: 474,942,537,728 bytes free
    .
    - - End Of File - - 95AE8EA6845EF8C60E7A36D34DF0D6D2
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello again!
    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large; in that case please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
     
  9. melissadotcom

    melissadotcom TS Rookie Topic Starter Posts: 18

    1st step done. It restarted my computer but here are the logs for the AdwCleaner.


    # AdwCleaner v2.004 - Logfile created 10/07/2012 at 15:05:38
    # Updated 06/10/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Melissa - TASTEYCAKES-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Melissa\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    Folder Deleted : C:\Program Files (x86)\uTorrentBar
    Folder Deleted : C:\Program Files (x86)\uTorrentControl2
    Folder Deleted : C:\Program Files (x86)\Veoh_Web_Player
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\WeCareReminder
    Folder Deleted : C:\Users\Melissa\AppData\Local\Conduit
    Folder Deleted : C:\Users\Melissa\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Melissa\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Melissa\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Melissa\AppData\LocalLow\uTorrentBar
    Folder Deleted : C:\Users\Melissa\AppData\LocalLow\uTorrentControl2
    Folder Deleted : C:\Users\Melissa\AppData\LocalLow\Veoh_Web_Player
    Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN
    Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
    Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
    Key Deleted : HKCU\Software\AppDataLow\Software\Veoh_Web_Player
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\Software\APN
    Key Deleted : HKLM\Software\AskToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\Software\uTorrentBar
    Key Deleted : HKLM\Software\uTorrentControl2
    Key Deleted : HKLM\Software\Veoh_Web_Player
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E29D8C5-A98A-412D-BC57-7D4D4D3BF944}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CFA584A-641C-4D02-844D-C198F481F724}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7949C4F7-8725-459A-9024-3F3DB3D902E8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F037A52B-0D98-4C74-AE19-70AC8064E313}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2173768-78BF-4981-81CB-91592F39A09E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Veoh_Web_Player Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v15.0.1 (en-US)

    Profile name : default
    File : C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\gid5nsgr.default\prefs.js

    [OK] File is clean.

    -\\ Chromium v [Unable to get version]

    File : C:\Users\Melissa\AppData\Local\Chromium\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [9213 octets] - [07/10/2012 15:05:38]

    ########## EOF - C:\AdwCleaner[S1].txt - [9273 octets] ##########
     
  10. melissadotcom

    melissadotcom TS Rookie Topic Starter Posts: 18

    15:20:47.0135 5836 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    15:20:47.0485 5836 ============================================================
    15:20:47.0485 5836 Current date / time: 2012/10/07 15:20:47.0485
    15:20:47.0485 5836 SystemInfo:
    15:20:47.0485 5836
    15:20:47.0485 5836 OS Version: 6.1.7601 ServicePack: 1.0
    15:20:47.0485 5836 Product type: Workstation
    15:20:47.0485 5836 ComputerName: TASTEYCAKES-HP
    15:20:47.0485 5836 UserName: Melissa
    15:20:47.0485 5836 Windows directory: C:\Windows
    15:20:47.0485 5836 System windows directory: C:\Windows
    15:20:47.0485 5836 Running under WOW64
    15:20:47.0485 5836 Processor architecture: Intel x64
    15:20:47.0485 5836 Number of processors: 4
    15:20:47.0485 5836 Page size: 0x1000
    15:20:47.0485 5836 Boot type: Normal boot
    15:20:47.0485 5836 ============================================================
    15:20:49.0325 5836 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    15:20:49.0388 5836 ============================================================
    15:20:49.0388 5836 \Device\Harddisk0\DR0:
    15:20:49.0388 5836 MBR partitions:
    15:20:49.0388 5836 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    15:20:49.0388 5836 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72D01800
    15:20:49.0388 5836 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72D34000, BlocksNum 0x19D2000
    15:20:49.0388 5836 ============================================================
    15:20:49.0450 5836 C: <-> \Device\Harddisk0\DR0\Partition2
    15:20:49.0497 5836 D: <-> \Device\Harddisk0\DR0\Partition3
    15:20:49.0497 5836 ============================================================
    15:20:49.0497 5836 Initialize success
    15:20:49.0497 5836 ============================================================
    15:21:06.0829 2528 ============================================================
    15:21:06.0829 2528 Scan started
    15:21:06.0829 2528 Mode: Manual; SigCheck; TDLFS;
    15:21:06.0829 2528 ============================================================
    15:21:09.0262 2528 ================ Scan system memory ========================
    15:21:09.0262 2528 System memory - ok
    15:21:09.0262 2528 ================ Scan services =============================
    15:21:09.0574 2528 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    15:21:09.0684 2528 1394ohci - ok
    15:21:09.0715 2528 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    15:21:09.0730 2528 ACPI - ok
    15:21:09.0762 2528 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    15:21:09.0824 2528 AcpiPmi - ok
    15:21:09.0964 2528 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    15:21:09.0996 2528 AdobeFlashPlayerUpdateSvc - ok
    15:21:10.0042 2528 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    15:21:10.0105 2528 adp94xx - ok
    15:21:10.0120 2528 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    15:21:10.0167 2528 adpahci - ok
    15:21:10.0183 2528 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    15:21:10.0230 2528 adpu320 - ok
    15:21:10.0276 2528 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    15:21:10.0401 2528 AeLookupSvc - ok
    15:21:10.0479 2528 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    15:21:10.0557 2528 AFD - ok
    15:21:10.0588 2528 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    15:21:10.0620 2528 agp440 - ok
    15:21:10.0635 2528 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    15:21:10.0682 2528 ALG - ok
    15:21:10.0760 2528 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    15:21:10.0807 2528 aliide - ok
    15:21:10.0869 2528 [ CA0D6C1390F4B3BAF2A0A69D1A7F8332 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    15:21:10.0916 2528 AMD External Events Utility - ok
    15:21:10.0963 2528 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    15:21:10.0994 2528 amdide - ok
    15:21:11.0025 2528 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    15:21:11.0088 2528 AmdK8 - ok
    15:21:11.0322 2528 [ 75E4BACA583AE02C11E9AC8747E2ABE0 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    15:21:11.0509 2528 amdkmdag - ok
    15:21:11.0540 2528 [ B765CF4B32F347BE747B21AE22641025 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    15:21:11.0587 2528 amdkmdap - ok
    15:21:11.0618 2528 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    15:21:11.0680 2528 AmdPPM - ok
    15:21:11.0727 2528 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    15:21:11.0805 2528 amdsata - ok
    15:21:11.0868 2528 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    15:21:11.0946 2528 amdsbs - ok
    15:21:11.0977 2528 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    15:21:11.0977 2528 amdxata - ok
    15:21:12.0008 2528 [ 8A2B4818215D8A6FF54DC3F0D63CBB2D ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
    15:21:12.0024 2528 amd_sata - ok
    15:21:12.0039 2528 [ A2D8977623E13591B15F6370C6CC37B0 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
    15:21:12.0055 2528 amd_xata - ok
    15:21:12.0086 2528 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    15:21:12.0164 2528 AppID - ok
    15:21:12.0195 2528 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    15:21:12.0367 2528 AppIDSvc - ok
    15:21:12.0429 2528 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    15:21:12.0507 2528 Appinfo - ok
    15:21:12.0710 2528 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    15:21:12.0741 2528 Apple Mobile Device - ok
    15:21:12.0804 2528 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    15:21:12.0882 2528 arc - ok
    15:21:12.0928 2528 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    15:21:12.0991 2528 arcsas - ok
    15:21:13.0428 2528 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    15:21:13.0459 2528 aspnet_state - ok
    15:21:13.0490 2528 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    15:21:13.0584 2528 AsyncMac - ok
    15:21:13.0646 2528 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    15:21:13.0677 2528 atapi - ok
    15:21:13.0740 2528 [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie64.sys
    15:21:13.0755 2528 AtiPcie - ok
    15:21:13.0833 2528 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    15:21:13.0927 2528 AudioEndpointBuilder - ok
    15:21:13.0942 2528 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    15:21:13.0989 2528 AudioSrv - ok
    15:21:14.0036 2528 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    15:21:14.0083 2528 AxInstSV - ok
    15:21:14.0192 2528 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    15:21:14.0332 2528 b06bdrv - ok
    15:21:14.0395 2528 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    15:21:14.0535 2528 b57nd60a - ok
    15:21:14.0582 2528 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    15:21:14.0660 2528 BDESVC - ok
    15:21:14.0722 2528 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    15:21:14.0832 2528 Beep - ok
    15:21:14.0894 2528 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    15:21:14.0988 2528 BFE - ok
    15:21:15.0066 2528 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
    15:21:15.0175 2528 BITS - ok
    15:21:15.0206 2528 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    15:21:15.0253 2528 blbdrive - ok
    15:21:15.0378 2528 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    15:21:15.0409 2528 Bonjour Service - ok
    15:21:15.0456 2528 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    15:21:15.0502 2528 bowser - ok
    15:21:15.0534 2528 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    15:21:15.0674 2528 BrFiltLo - ok
    15:21:15.0690 2528 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    15:21:15.0752 2528 BrFiltUp - ok
    15:21:15.0799 2528 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    15:21:15.0892 2528 BridgeMP - ok
    15:21:15.0939 2528 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    15:21:15.0970 2528 Browser - ok
    15:21:16.0002 2528 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    15:21:16.0126 2528 Brserid - ok
    15:21:16.0173 2528 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    15:21:16.0251 2528 BrSerWdm - ok
    15:21:16.0267 2528 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    15:21:16.0376 2528 BrUsbMdm - ok
    15:21:16.0423 2528 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    15:21:16.0485 2528 BrUsbSer - ok
    15:21:16.0501 2528 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    15:21:16.0563 2528 BTHMODEM - ok
    15:21:16.0626 2528 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    15:21:16.0672 2528 bthserv - ok
    15:21:16.0672 2528 catchme - ok
    15:21:16.0719 2528 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    15:21:16.0797 2528 cdfs - ok
    15:21:16.0828 2528 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    15:21:16.0891 2528 cdrom - ok
    15:21:16.0969 2528 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    15:21:17.0078 2528 CertPropSvc - ok
    15:21:17.0094 2528 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    15:21:17.0140 2528 circlass - ok
    15:21:17.0172 2528 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    15:21:17.0187 2528 CLFS - ok
    15:21:17.0296 2528 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    15:21:17.0359 2528 clr_optimization_v2.0.50727_32 - ok
    15:21:17.0390 2528 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    15:21:17.0421 2528 clr_optimization_v2.0.50727_64 - ok
    15:21:17.0530 2528 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    15:21:17.0593 2528 clr_optimization_v4.0.30319_32 - ok
    15:21:17.0686 2528 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    15:21:17.0718 2528 clr_optimization_v4.0.30319_64 - ok
    15:21:17.0811 2528 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    15:21:17.0967 2528 CmBatt - ok
    15:21:18.0014 2528 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    15:21:18.0092 2528 cmdide - ok
    15:21:18.0186 2528 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    15:21:18.0310 2528 CNG - ok
    15:21:18.0373 2528 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    15:21:18.0466 2528 Compbatt - ok
    15:21:18.0544 2528 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    15:21:18.0654 2528 CompositeBus - ok
    15:21:18.0685 2528 COMSysApp - ok
    15:21:18.0716 2528 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    15:21:18.0763 2528 crcdisk - ok
    15:21:18.0919 2528 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    15:21:19.0012 2528 CryptSvc - ok
    15:21:19.0324 2528 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    15:21:19.0418 2528 cvhsvc - ok
    15:21:19.0512 2528 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    15:21:19.0652 2528 DcomLaunch - ok
    15:21:19.0777 2528 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    15:21:19.0886 2528 defragsvc - ok
    15:21:20.0026 2528 [ 2B9A817DC1BDAD9CE5495099B6A7136A ] Desura Install Service C:\Program Files (x86)\Common Files\Desura\desura_service.exe
    15:21:20.0104 2528 Desura Install Service - ok
    15:21:20.0151 2528 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    15:21:20.0214 2528 DfsC - ok
    15:21:20.0292 2528 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    15:21:20.0416 2528 Dhcp - ok
    15:21:20.0463 2528 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    15:21:20.0572 2528 discache - ok
    15:21:20.0635 2528 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    15:21:20.0666 2528 Disk - ok
    15:21:20.0697 2528 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    15:21:20.0791 2528 Dnscache - ok
    15:21:20.0853 2528 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    15:21:20.0978 2528 dot3svc - ok
    15:21:21.0009 2528 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    15:21:21.0072 2528 DPS - ok
    15:21:21.0165 2528 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    15:21:21.0259 2528 drmkaud - ok
    15:21:21.0524 2528 [ 1ED08A6264C5C92099D6D1DAE5E8F530 ] DrvAgent64 C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
    15:21:21.0602 2528 DrvAgent64 - ok
    15:21:21.0805 2528 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    15:21:21.0867 2528 DXGKrnl - ok
    15:21:21.0898 2528 EagleX64 - ok
    15:21:22.0039 2528 [ D00EAE9C735A7DEE8049E50D73D25434 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
    15:21:22.0070 2528 eamonm - ok
    15:21:22.0132 2528 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    15:21:22.0257 2528 EapHost - ok
    15:21:22.0476 2528 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    15:21:22.0647 2528 ebdrv - ok
    15:21:22.0663 2528 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    15:21:22.0741 2528 EFS - ok
    15:21:22.0819 2528 [ E5EDDE3C8158DD0CBC5812F201DCDED0 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
    15:21:22.0881 2528 ehdrv - ok
    15:21:23.0006 2528 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    15:21:23.0131 2528 ehRecvr - ok
    15:21:23.0162 2528 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    15:21:23.0193 2528 ehSched - ok
    15:21:23.0443 2528 [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    15:21:23.0505 2528 ekrn - ok
    15:21:23.0568 2528 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    15:21:23.0646 2528 elxstor - ok
    15:21:23.0692 2528 [ 587F0F4145A1536A6E37EFD769B7665F ] epfw C:\Windows\system32\DRIVERS\epfw.sys
    15:21:23.0724 2528 epfw - ok
    15:21:23.0802 2528 [ D2F812358EE8EE23CBB5C4DAFFB5B819 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
    15:21:23.0880 2528 EpfwLWF - ok
    15:21:23.0926 2528 [ 34BF55D69AB74D14C7E7A17259CB7DF8 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
    15:21:23.0942 2528 epfwwfp - ok
    15:21:23.0973 2528 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    15:21:24.0067 2528 ErrDev - ok
    15:21:24.0129 2528 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    15:21:24.0223 2528 EventSystem - ok
    15:21:24.0254 2528 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    15:21:24.0301 2528 exfat - ok
    15:21:24.0332 2528 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    15:21:24.0394 2528 fastfat - ok
    15:21:24.0441 2528 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    15:21:24.0535 2528 Fax - ok
    15:21:24.0566 2528 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    15:21:24.0675 2528 fdc - ok
    15:21:24.0769 2528 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    15:21:24.0878 2528 fdPHost - ok
    15:21:24.0894 2528 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    15:21:25.0112 2528 FDResPub - ok
    15:21:25.0128 2528 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    15:21:25.0143 2528 FileInfo - ok
    15:21:25.0143 2528 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    15:21:25.0221 2528 Filetrace - ok
    15:21:25.0377 2528 [ 869BDE240B7FE9C7B25BD80DF85641C8 ] FlipShare Service C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    15:21:25.0393 2528 FlipShare Service - ok
    15:21:25.0486 2528 [ 9C330B7DDEE9492373041E75DA01F80C ] FlipShareServer C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
    15:21:25.0564 2528 FlipShareServer ( UnsignedFile.Multi.Generic ) - warning
    15:21:25.0564 2528 FlipShareServer - detected UnsignedFile.Multi.Generic (1)
    15:21:25.0611 2528 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    15:21:25.0642 2528 flpydisk - ok
    15:21:25.0689 2528 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    15:21:25.0736 2528 FltMgr - ok
    15:21:25.0861 2528 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    15:21:25.0954 2528 FontCache - ok
    15:21:26.0032 2528 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    15:21:26.0110 2528 FontCache3.0.0.0 - ok
    15:21:26.0157 2528 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    15:21:26.0188 2528 FsDepends - ok
    15:21:26.0282 2528 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    15:21:26.0313 2528 Fs_Rec - ok
    15:21:26.0376 2528 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    15:21:26.0438 2528 fvevol - ok
    15:21:26.0454 2528 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    15:21:26.0500 2528 gagp30kx - ok
    15:21:26.0578 2528 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    15:21:26.0625 2528 GamesAppService - ok
    15:21:26.0688 2528 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    15:21:26.0781 2528 GEARAspiWDM - ok
    15:21:26.0844 2528 Giraffic - ok
    15:21:26.0906 2528 [ 46B7A77463CB9DEC2688CC42C7309C39 ] GoToMyPC C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
    15:21:26.0968 2528 GoToMyPC - ok
    15:21:27.0078 2528 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    15:21:27.0202 2528 gpsvc - ok
    15:21:27.0343 2528 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
    15:21:27.0390 2528 hamachi - ok
    15:21:27.0639 2528 [ F10C3F2E002100BF8B797DCF283FEA7D ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    15:21:27.0686 2528 Hamachi2Svc - ok
    15:21:27.0764 2528 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    15:21:27.0873 2528 hcw85cir - ok
    15:21:27.0982 2528 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    15:21:28.0045 2528 HdAudAddService - ok
    15:21:28.0107 2528 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    15:21:28.0154 2528 HDAudBus - ok
    15:21:28.0216 2528 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    15:21:28.0326 2528 HidBatt - ok
    15:21:28.0357 2528 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    15:21:28.0482 2528 HidBth - ok
    15:21:28.0497 2528 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    15:21:28.0560 2528 HidIr - ok
    15:21:28.0591 2528 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
    15:21:28.0669 2528 hidserv - ok
    15:21:28.0825 2528 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    15:21:28.0887 2528 HidUsb - ok
    15:21:29.0059 2528 [ 00C71C3FB915BA353740999ADF447927 ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    15:21:29.0106 2528 HiPatchService ( UnsignedFile.Multi.Generic ) - warning
    15:21:29.0106 2528 HiPatchService - detected UnsignedFile.Multi.Generic (1)
    15:21:29.0199 2528 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    15:21:29.0355 2528 hkmsvc - ok
    15:21:29.0433 2528 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    15:21:29.0480 2528 HomeGroupListener - ok
    15:21:29.0527 2528 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    15:21:29.0589 2528 HomeGroupProvider - ok
    15:21:29.0745 2528 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    15:21:29.0761 2528 HP Support Assistant Service - ok
    15:21:29.0870 2528 [ 3DC11A802353401332D49C3CBFBBE5FC ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    15:21:29.0901 2528 HPClientSvc - ok
    15:21:29.0979 2528 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    15:21:30.0010 2528 HPDrvMntSvc.exe - ok
    15:21:30.0260 2528 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    15:21:30.0322 2528 hpqwmiex - ok
    15:21:30.0369 2528 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    15:21:30.0385 2528 HpSAMD - ok
    15:21:30.0494 2528 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    15:21:30.0619 2528 HTTP - ok
    15:21:30.0666 2528 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    15:21:30.0697 2528 hwpolicy - ok
    15:21:30.0775 2528 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    15:21:30.0822 2528 i8042prt - ok
    15:21:30.0900 2528 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    15:21:30.0946 2528 iaStorV - ok
    15:21:31.0087 2528 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    15:21:31.0134 2528 idsvc - ok
    15:21:31.0196 2528 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    15:21:31.0227 2528 iirsp - ok
    15:21:31.0305 2528 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    15:21:31.0414 2528 IKEEXT - ok
    15:21:31.0648 2528 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    15:21:31.0726 2528 IntcAzAudAddService - ok
    15:21:31.0789 2528 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    15:21:31.0867 2528 intelide - ok
    15:21:31.0898 2528 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    15:21:31.0960 2528 intelppm - ok
    15:21:32.0054 2528 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    15:21:32.0163 2528 IPBusEnum - ok
    15:21:32.0241 2528 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    15:21:32.0428 2528 IpFilterDriver - ok
    15:21:32.0491 2528 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    15:21:32.0584 2528 iphlpsvc - ok
    15:21:32.0647 2528 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    15:21:32.0740 2528 IPMIDRV - ok
    15:21:32.0803 2528 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    15:21:32.0865 2528 IPNAT - ok
    15:21:33.0015 2528 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    15:21:33.0065 2528 iPod Service - ok
    15:21:33.0115 2528 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    15:21:33.0165 2528 IRENUM - ok
    15:21:33.0205 2528 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    15:21:33.0225 2528 isapnp - ok
    15:21:33.0255 2528 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    15:21:33.0285 2528 iScsiPrt - ok
    15:21:33.0315 2528 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    15:21:33.0335 2528 kbdclass - ok
    15:21:33.0345 2528 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    15:21:33.0415 2528 kbdhid - ok
    15:21:33.0435 2528 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    15:21:33.0455 2528 KeyIso - ok
    15:21:33.0495 2528 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    15:21:33.0505 2528 KSecDD - ok
    15:21:33.0545 2528 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    15:21:33.0555 2528 KSecPkg - ok
    15:21:33.0565 2528 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    15:21:33.0645 2528 ksthunk - ok
    15:21:33.0665 2528 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    15:21:33.0735 2528 KtmRm - ok
    15:21:33.0795 2528 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
    15:21:33.0865 2528 LanmanServer - ok
    15:21:33.0945 2528 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    15:21:34.0015 2528 LanmanWorkstation - ok
    15:21:34.0195 2528 [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    15:21:34.0235 2528 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
    15:21:34.0235 2528 LightScribeService - detected UnsignedFile.Multi.Generic (1)
    15:21:34.0325 2528 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    15:21:34.0415 2528 lltdio - ok
    15:21:34.0505 2528 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    15:21:34.0625 2528 lltdsvc - ok
    15:21:34.0675 2528 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    15:21:34.0715 2528 lmhosts - ok
    15:21:34.0775 2528 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    15:21:34.0845 2528 LSI_FC - ok
    15:21:34.0915 2528 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    15:21:34.0962 2528 LSI_SAS - ok
    15:21:34.0978 2528 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    15:21:34.0993 2528 LSI_SAS2 - ok
    15:21:35.0024 2528 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    15:21:35.0071 2528 LSI_SCSI - ok
    15:21:35.0118 2528 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    15:21:35.0180 2528 luafv - ok
    15:21:35.0290 2528 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    15:21:35.0305 2528 MBAMProtector - ok
    15:21:35.0399 2528 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    15:21:35.0430 2528 MBAMScheduler - ok
    15:21:36.0148 2528 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    15:21:36.0506 2528 MBAMService - ok
    15:21:36.0553 2528 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    15:21:36.0569 2528 Mcx2Svc - ok
    15:21:36.0678 2528 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    15:21:36.0834 2528 megasas - ok
    15:21:36.0896 2528 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    15:21:37.0084 2528 MegaSR - ok
    15:21:37.0130 2528 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    15:21:37.0193 2528 MMCSS - ok
    15:21:37.0208 2528 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    15:21:37.0271 2528 Modem - ok
    15:21:37.0302 2528 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    15:21:37.0349 2528 monitor - ok
     
  11. melissadotcom

    melissadotcom TS Rookie Topic Starter Posts: 18

    15:21:37.0396 2528 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    15:21:37.0411 2528 mouclass - ok
    15:21:37.0442 2528 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    15:21:37.0474 2528 mouhid - ok
    15:21:37.0505 2528 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    15:21:37.0520 2528 mountmgr - ok
    15:21:37.0661 2528 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    15:21:37.0708 2528 MozillaMaintenance - ok
    15:21:37.0770 2528 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    15:21:37.0832 2528 mpio - ok
    15:21:37.0895 2528 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    15:21:37.0942 2528 mpsdrv - ok
    15:21:38.0004 2528 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    15:21:38.0144 2528 MpsSvc - ok
    15:21:38.0191 2528 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    15:21:38.0300 2528 MRxDAV - ok
    15:21:38.0363 2528 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    15:21:38.0425 2528 mrxsmb - ok
    15:21:38.0472 2528 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    15:21:38.0519 2528 mrxsmb10 - ok
    15:21:38.0550 2528 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    15:21:38.0612 2528 mrxsmb20 - ok
    15:21:38.0644 2528 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    15:21:38.0706 2528 msahci - ok
    15:21:38.0722 2528 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    15:21:38.0753 2528 msdsm - ok
    15:21:38.0800 2528 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    15:21:38.0893 2528 MSDTC - ok
    15:21:38.0940 2528 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    15:21:38.0971 2528 Msfs - ok
    15:21:38.0987 2528 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    15:21:39.0049 2528 mshidkmdf - ok
    15:21:39.0065 2528 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    15:21:39.0065 2528 msisadrv - ok
    15:21:39.0143 2528 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    15:21:39.0236 2528 MSiSCSI - ok
    15:21:39.0236 2528 msiserver - ok
    15:21:39.0283 2528 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    15:21:39.0377 2528 MSKSSRV - ok
    15:21:39.0455 2528 [ 103B3BBE23AB774B009D182276EC6786 ] msloop C:\Windows\system32\DRIVERS\loop.sys
    15:21:39.0548 2528 msloop - ok
    15:21:39.0580 2528 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    15:21:39.0658 2528 MSPCLOCK - ok
    15:21:39.0689 2528 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    15:21:39.0782 2528 MSPQM - ok
    15:21:39.0829 2528 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    15:21:39.0845 2528 MsRPC - ok
    15:21:39.0892 2528 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    15:21:39.0954 2528 mssmbios - ok
    15:21:39.0970 2528 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    15:21:40.0063 2528 MSTEE - ok
    15:21:40.0079 2528 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    15:21:40.0157 2528 MTConfig - ok
    15:21:40.0188 2528 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    15:21:40.0219 2528 Mup - ok
    15:21:40.0282 2528 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    15:21:40.0375 2528 napagent - ok
    15:21:40.0422 2528 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    15:21:40.0500 2528 NativeWifiP - ok
    15:21:40.0594 2528 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    15:21:40.0656 2528 NDIS - ok
    15:21:40.0687 2528 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    15:21:40.0734 2528 NdisCap - ok
    15:21:40.0765 2528 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    15:21:40.0796 2528 NdisTapi - ok
    15:21:40.0859 2528 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    15:21:40.0921 2528 Ndisuio - ok
    15:21:40.0968 2528 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    15:21:41.0015 2528 NdisWan - ok
    15:21:41.0046 2528 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    15:21:41.0124 2528 NDProxy - ok
    15:21:41.0186 2528 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    15:21:41.0296 2528 NetBIOS - ok
    15:21:41.0374 2528 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    15:21:41.0514 2528 NetBT - ok
    15:21:41.0530 2528 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    15:21:41.0545 2528 Netlogon - ok
    15:21:41.0623 2528 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    15:21:41.0717 2528 Netman - ok
    15:21:41.0904 2528 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    15:21:41.0951 2528 NetMsmqActivator - ok
    15:21:41.0966 2528 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    15:21:41.0982 2528 NetPipeActivator - ok
    15:21:42.0013 2528 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    15:21:42.0200 2528 netprofm - ok
    15:21:42.0403 2528 [ 1982B291DF9833FB3ADC397EBD310A18 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
    15:21:42.0497 2528 netr28x - ok
    15:21:42.0528 2528 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    15:22:18.0165 2528 ============================================================
    15:22:18.0165 2528 Scan finished
    15:22:18.0165 2528 ============================================================
    15:22:18.0165 4120 Detected object count: 6
    15:22:18.0165 4120 Actual detected object count: 6
    15:23:39.0557 4120 FlipShareServer ( UnsignedFile.Multi.Generic ) - skipped by user
    15:23:39.0557 4120 FlipShareServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:23:39.0557 4120 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
    15:23:39.0557 4120 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:23:39.0557 4120 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
    15:23:39.0557 4120 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:23:39.0557 4120 tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
    15:23:39.0557 4120 tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:23:39.0572 4120 TunngleService ( UnsignedFile.Multi.Generic ) - skipped by user
    15:23:39.0572 4120 TunngleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:23:39.0572 4120 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
    15:23:39.0572 4120 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:26:43.0694 2896 Deinitialize success
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    =======================================


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  13. melissadotcom

    melissadotcom TS Rookie Topic Starter Posts: 18

    I am scanning now. So far my computer has been good. I still have removable disk drives there that I didn't put myself and a random folder popped up in my OS again that is empty and locked. The last ones were gone for a good few hours before this one popped up so I don't know if it's something just with my computer that does it or something more. The only alert I have in my system tray is for a Windows update that I can't get to update. It always has an error and doesn't finish.

    I have work in a little bit so I will post the scan results tonight. Thanks again for helping. Main thing I want to be able to say is that my computer is clean so hopefully it is or will be.

    I did scan with the exact scanner right before I asked for help on the forums. It did pick up 11 threats. I pasted what it found in Notepad if you want me to give you that as well.
     
  14. melissadotcom

    melissadotcom TS Rookie Topic Starter Posts: 18

    No threats were found at all.
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

  16. melissadotcom

    melissadotcom TS Rookie Topic Starter Posts: 18

    Am I attaching the screenshots?
     
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Please do.
     
  18. melissadotcom

    melissadotcom TS Rookie Topic Starter Posts: 18

    Here they are. disk.PNG random numbers.PNG
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    For the first screenshot, the hidden drives, those are no big deal. That actually highlights the reference points, if you were to plug in a flash drive or external drive to your PC.

    To hide that, along with other hidden files/folders, press the ALT button while in the Computer window there, then press Tools > Folder Options.

    Select the View tab, find "Don't show hidden files and folders" and select that, Apply changes.

    That should make those disappear.

    As for the second screenshot, those are files created by Windows to help update your computer, install service packs, etc. Only Windows Installer Cleanup utility can remove these. It doesn't matter whether you keep them or not, as they are safe folders.
     
  20. melissadotcom

    melissadotcom TS Rookie Topic Starter Posts: 18

    I had looked up the files before and found the same thing about being made by Windows. Just wanted to be safer than sorry. :)
    Well that is great to know. I haven't seen anything else going on with my computer so far. I will post again if something comes up. Thanks again for helping me.
     
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    You're welcome!

    We will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive, i.e. C
    • For a few moments the system will make some calculations.
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete
    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  22. melissadotcom

    melissadotcom TS Rookie Topic Starter Posts: 18

    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    ESET Smart Security 5.2
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Secunia PSI (3.0.0.4001)
    Malwarebytes Anti-Malware version 1.65.0.1400
    Java 7 Update 7
    Adobe Flash Player 11.4.402.287
    Mozilla Firefox (15.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    ESET NOD32 Antivirus egui.exe
    ESET NOD32 Antivirus ekrn.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 5%
    ````````````````````End of Log``````````````````````
     
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Any other questions before I mark this topic solved?
     
  24. melissadotcom

    melissadotcom TS Rookie Topic Starter Posts: 18

    Not at all. If something pops up I will post right away. Thank you. :)
     
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Okay. We'll be here. :)

    Topic marked solved.
     
Topic Status:
Not open for further replies.
