Solved Win64/patched.a

mossimo654

mossimo654

Posts: 22   +0
Hi,
This virus appeared about 2 hours ago, and ever since I've been getting regular updates from my free AVG about every 20 minutes telling me that system32\services.exe is infected. Since I'm assuming this is a critical exe, I have no idea what to do. A quick search on this forum reveals that a lot of other people are getting this virus, so hopefully I will be able to get rid of it.

Thanks so much!
I'm using win7 (64)
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================

What Windows version is it?
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012
Ran by SYSTEM at 04-11-2012 10:14:12
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6468712 2012-03-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.139.290\AsusWSPanel.exe /S [740704 2012-03-15] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2011-10-31] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWDITray.exe [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Kyle\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [3111744 2012-04-26] (DT Soft Ltd)
HKU\Kyle\...\Run: [Steam] "A:\Program Files\Steam\Steam.exe" -silent [x]
HKU\Kyle\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\Kyle\...\Run: [Spotify] "C:\Users\Kyle\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [7901144 2012-10-30] (Spotify Ltd)
HKU\Kyle\...\Run: [Spotify Web Helper] "C:\Users\Kyle\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-10-30] (Spotify Ltd)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ===================

2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-28] ()
2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
2 AsusFanControlService; "C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe" [1478272 2012-01-12] (ASUSTeK Computer Inc.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
3 ICCS; "C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe" [160768 2011-05-27] (Intel Corporation)
2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) =====================

3 AiCharger; C:\Windows\SysWow64\Drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2010-08-23] ()
1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [14464 2010-08-02] ()
3 ASUSFILTER; C:\Windows\SysWow64\Drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-26] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
3 MAFWPROFIRE; C:\Windows\System32\DRIVERS\MAudioProFire.sys [287240 2010-03-01] (Avid Technology, Inc.)
1 ndisrd; C:\Windows\System32\Drivers\ndisrd.sys [32360 2011-08-12] (NT Kernel Resources)
3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan620.sys [32360 2011-09-15] (Realtek Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-09-05] (Duplex Secure Ltd.)
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-04 09:42 - 2012-11-04 09:42 - 01459963 ____A (Farbar) C:\Users\Kyle\Downloads\FRST64.exe
2012-11-04 01:17 - 2012-11-04 01:17 - 00520207 ___AT C:\Users\Kyle\Desktop\Minimall.wav.asd
2012-11-03 21:29 - 2012-11-03 21:29 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Cycling '74
2012-11-03 15:47 - 2012-11-04 01:16 - 45030156 ___AT C:\Users\Kyle\Desktop\Minimall.wav
2012-11-03 13:02 - 2012-11-03 13:02 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-11-03 12:56 - 2012-11-03 12:56 - 00000000 ____D C:\Users\Kyle\Desktop\New folder
2012-11-03 12:56 - 2010-01-15 02:37 - 00000046 ____N C:\Users\Kyle\Downloads\FILE_ID.DIZ
2012-11-03 12:56 - 2010-01-14 13:24 - 00004729 ____N C:\Users\Kyle\Downloads\AiR.nfo
2012-11-03 12:56 - 2010-01-14 12:35 - 00204288 ____N C:\Users\Kyle\Downloads\Image_Line_Vocodex_VST_v1_0_keygen_by_AiR.exe
2012-11-03 12:54 - 2012-11-03 12:55 - 00000000 ____D C:\Users\Kyle\Downloads\Image_Line_Vocodex_VST_v1_0_keygen_by_AiR
2012-11-03 12:22 - 2012-11-03 12:22 - 00001993 ____A C:\Users\Public\Desktop\Max Runtime 5.1.lnk
2012-11-03 12:22 - 2012-11-03 12:22 - 00001977 ____A C:\Users\Public\Desktop\Max 5.1.lnk
2012-11-03 12:22 - 2012-11-03 12:22 - 00000000 ____D C:\Program Files (x86)\Cycling '74
2012-11-03 12:14 - 2012-11-03 12:21 - 159204968 ____A C:\Users\Kyle\Downloads\Max5_48561.zip
2012-11-03 12:10 - 2012-11-03 12:10 - 00516255 ___AT C:\Users\Kyle\Desktop\Minimall.aif.asd
2012-11-03 12:09 - 2012-11-03 12:09 - 44645294 ___AT C:\Users\Kyle\Desktop\Minimall.aif
2012-11-03 12:03 - 2012-11-03 23:59 - 00000000 ____D C:\Users\Kyle\Desktop\Soundcloud
2012-11-02 14:47 - 2012-11-02 14:47 - 15949304 ____A C:\Users\Kyle\Desktop\Minimall 2.m4a
2012-11-02 12:10 - 2012-11-02 12:10 - 15648095 ____A C:\Users\Kyle\Desktop\Minimall 1.m4a
2012-11-02 10:34 - 2012-11-03 13:24 - 17174384 ____A C:\Users\Kyle\Desktop\Minimall.m4a
2012-10-30 20:46 - 2012-10-30 20:46 - 00484499 ___AT C:\Users\Kyle\Desktop\Because harmony breakdown.mp3.asd
2012-10-30 20:38 - 2012-10-30 20:38 - 846126122 ____A C:\Windows\MEMORY.DMP
2012-10-30 20:38 - 2012-10-30 20:38 - 00277416 ____A C:\Windows\Minidump\103012-14508-01.dmp
2012-10-30 20:38 - 2012-10-30 20:38 - 00000000 ____D C:\Windows\Minidump
2012-10-29 22:16 - 2012-10-29 22:16 - 00325595 ___AT C:\Users\Kyle\Desktop\11 I Live With You.mp3.asd
2012-10-27 14:26 - 2012-11-04 10:09 - 00000262 ____A C:\Windows\Tasks\AutoKMS.job
2012-10-27 14:26 - 2012-10-28 14:26 - 00000000 ____D C:\Windows\AutoKMS
2012-10-27 14:16 - 2012-10-27 14:16 - 00771962 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-10-27 14:12 - 2012-10-27 14:12 - 00889416 ____A (Microsoft Corporation) C:\Users\Kyle\Downloads\dotNetFx40_Full_setup.exe
2012-10-24 11:57 - 2012-10-27 14:07 - 00003021 ____A C:\Users\Kyle\Desktop\Microsoft Word 2010.lnk
2012-10-24 11:57 - 2012-10-24 11:57 - 00000000 ____D C:\Windows\PCHEALTH
2012-10-24 11:55 - 2012-10-24 11:55 - 00000000 ____D C:\Program Files\Microsoft Office
2012-10-24 11:55 - 2012-10-24 11:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2012-10-24 11:54 - 2012-10-27 14:07 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-10-24 11:54 - 2012-10-24 11:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-10-24 11:54 - 2012-10-24 11:54 - 00000000 __RHD C:\MSOCache
2012-10-24 11:54 - 2012-10-24 11:54 - 00000000 ____D C:\Users\Kyle\AppData\Local\Microsoft Help
2012-10-24 01:48 - 2012-10-24 01:44 - 44761957 ____A C:\Users\Kyle\Desktop\Dan Deacon by Kyle.m4a
2012-10-24 01:44 - 2012-10-24 01:44 - 00360523 ___AT C:\Users\Kyle\Desktop\Dan Deacon by Kyle.wav.asd
2012-10-24 01:43 - 2012-10-24 01:43 - 52822944 ___AT C:\Users\Kyle\Desktop\Dan Deacon by Kyle.wav
2012-10-23 12:50 - 2012-10-23 12:50 - 00580051 ___AT C:\Users\Kyle\Desktop\Elena - Juana Molina.mp3.asd
2012-10-23 00:02 - 2012-10-23 00:02 - 00599263 ___AT C:\Users\Kyle\Desktop\Elena 1.m4a.asd
2012-10-23 00:01 - 2012-06-09 12:42 - 18733595 ____A C:\Users\Kyle\Desktop\Elena 1.m4a
2012-10-22 13:01 - 2012-10-22 13:03 - 28257789 ____A C:\Users\Kyle\Downloads\ESPN RSMB.zip
2012-10-17 15:05 - 2012-11-04 10:09 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Spotify
2012-10-17 15:05 - 2012-10-24 19:40 - 00000000 ____D C:\Users\Kyle\AppData\Local\Spotify
2012-10-17 15:05 - 2012-10-17 15:05 - 00001799 ____A C:\Users\Kyle\Desktop\Spotify.lnk
2012-10-17 15:04 - 2012-10-17 15:04 - 17617480 ____A (Spotify Ltd) C:\Users\Kyle\Downloads\Spotify Installer.exe
2012-10-13 18:14 - 2012-10-30 11:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-12 10:15 - 2012-10-12 10:15 - 20865884 ____A C:\Users\Kyle\Desktop\Tittays.m4a
2012-10-12 10:15 - 2012-10-12 10:15 - 00346271 ___AT C:\Users\Kyle\Desktop\A cure.aif.asd
2012-10-12 10:10 - 2012-10-12 10:10 - 38159697 ____A C:\Users\Kyle\Desktop\A cure.m4a
2012-10-12 10:07 - 2012-10-12 10:14 - 30044958 ___AT C:\Users\Kyle\Desktop\A cure.aif
2012-10-12 04:43 - 2012-10-12 04:43 - 00833024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2012-10-12 04:43 - 2012-10-12 04:43 - 00410624 ____A C:\Windows\SysWOW64\systemcpl.dll
2012-10-12 04:43 - 2012-10-12 04:43 - 00113543 ____A C:\Windows\SysWOW64\slmgr.vbs
2012-10-12 04:43 - 2012-10-12 04:43 - 00113543 ____A C:\Windows\System32\slmgr.vbs
2012-10-12 04:43 - 2012-10-12 04:43 - 00002048 ____A C:\Windows\SysWOW64\winver.exe
2012-10-12 04:43 - 2012-10-12 04:43 - 00001536 ____A C:\Windows\SysWOW64\sppcomapi.dll
2012-10-12 04:40 - 2012-10-12 04:41 - 13150218 ____A C:\Users\Kyle\Downloads\Remove WAT(1).rar
2012-10-12 03:28 - 2012-09-27 23:18 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-12 03:27 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-10-12 03:27 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-10-12 03:27 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-10-12 03:27 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-10-12 03:27 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-10-12 03:27 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-10-12 03:27 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-10-12 03:27 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-10-12 03:27 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-10-12 03:27 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-10-12 03:27 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-10-12 03:27 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-10-12 03:27 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-10-12 03:27 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-10-12 03:27 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-10-12 03:27 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-10-12 03:27 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-10-12 03:27 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-10-12 03:27 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-10-12 03:27 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-10-12 03:27 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-10-12 03:27 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-10-12 03:27 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-10-12 03:27 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-10-12 03:27 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-10-12 03:27 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-10-12 03:27 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-10-12 03:27 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-10-12 03:27 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-10-12 03:27 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-10-12 03:27 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-10-12 03:27 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-10-12 03:26 - 2012-10-12 03:26 - 00000000 ____D C:\Windows\System32\SPReview
2012-10-12 03:25 - 2012-10-12 03:25 - 00000000 ____D C:\Windows\System32\EventProviders
2012-10-12 03:22 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-12 03:22 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-12 03:22 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-12 03:22 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-12 03:22 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-12 03:22 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-12 03:22 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-12 03:22 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-12 03:22 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-12 03:22 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-12 03:22 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-12 03:22 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-12 03:22 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-12 03:22 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-12 03:22 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-11 23:19 - 2012-10-11 23:19 - 02279676 ___AT C:\Users\Kyle\Desktop\Avey.wav
2012-10-11 23:19 - 2012-10-11 23:19 - 00029675 ___AT C:\Users\Kyle\Desktop\Avey.wav.asd
2012-10-10 00:11 - 2012-10-10 00:11 - 00373279 ___AT C:\Users\Kyle\Desktop\08. A Cure.mp3.asd
2012-10-09 17:47 - 2012-10-09 17:49 - 00000000 ____D C:\Vstplugins
2012-10-09 02:05 - 2012-10-09 02:05 - 00055175 ___AT C:\Users\Kyle\Desktop\01 Alan Lomax Speaking To Charles Ku.m4a.asd
2012-10-09 02:05 - 2009-10-23 15:22 - 01406274 ____A C:\Users\Kyle\Desktop\01 Alan Lomax Speaking To Charles Ku.m4a
2012-10-09 01:56 - 2012-10-09 01:56 - 00513415 ___AT C:\Users\Kyle\Desktop\01 Te Deum - Te Deum Laudamus.m4a.asd
2012-10-09 01:55 - 2009-01-24 17:17 - 12809297 ____A C:\Users\Kyle\Desktop\01 Te Deum - Te Deum Laudamus.m4a
2012-10-08 21:43 - 2012-10-08 21:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-10-08 21:43 - 2012-10-08 21:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-10-08 21:42 - 2012-10-08 21:43 - 13085120 ____A (Microsoft Corporation) C:\Users\Kyle\Downloads\Silverlight_x64.exe


==================== 3 Months Modified Files ==================

2012-11-04 10:09 - 2012-10-27 14:26 - 00000262 ____A C:\Windows\Tasks\AutoKMS.job
2012-11-04 10:09 - 2012-09-02 17:39 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-04 10:09 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-04 10:09 - 2009-07-13 20:51 - 00032159 ____A C:\Windows\setupact.log
2012-11-04 09:44 - 2012-09-02 17:39 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-04 09:42 - 2012-11-04 09:42 - 01459963 ____A (Farbar) C:\Users\Kyle\Downloads\FRST64.exe
2012-11-04 09:31 - 2009-07-13 21:13 - 00777976 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-04 09:27 - 2012-09-02 17:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-04 01:17 - 2012-11-04 01:17 - 00520207 ___AT C:\Users\Kyle\Desktop\Minimall.wav.asd
2012-11-04 01:16 - 2012-11-03 15:47 - 45030156 ___AT C:\Users\Kyle\Desktop\Minimall.wav
2012-11-03 19:51 - 2009-07-13 20:45 - 00013040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-03 19:51 - 2009-07-13 20:45 - 00013040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-03 13:24 - 2012-11-02 10:34 - 17174384 ____A C:\Users\Kyle\Desktop\Minimall.m4a
2012-11-03 12:55 - 2012-08-30 08:39 - 01051256 ____A C:\Windows\WindowsUpdate.log
2012-11-03 12:22 - 2012-11-03 12:22 - 00001993 ____A C:\Users\Public\Desktop\Max Runtime 5.1.lnk
2012-11-03 12:22 - 2012-11-03 12:22 - 00001977 ____A C:\Users\Public\Desktop\Max 5.1.lnk
2012-11-03 12:21 - 2012-11-03 12:14 - 159204968 ____A C:\Users\Kyle\Downloads\Max5_48561.zip
2012-11-03 12:10 - 2012-11-03 12:10 - 00516255 ___AT C:\Users\Kyle\Desktop\Minimall.aif.asd
2012-11-03 12:09 - 2012-11-03 12:09 - 44645294 ___AT C:\Users\Kyle\Desktop\Minimall.aif
2012-11-02 14:47 - 2012-11-02 14:47 - 15949304 ____A C:\Users\Kyle\Desktop\Minimall 2.m4a
2012-11-02 12:10 - 2012-11-02 12:10 - 15648095 ____A C:\Users\Kyle\Desktop\Minimall 1.m4a
2012-11-01 18:25 - 2012-09-27 19:17 - 00000328 ____A C:\Windows\Tasks\At2.job
2012-10-30 20:46 - 2012-10-30 20:46 - 00484499 ___AT C:\Users\Kyle\Desktop\Because harmony breakdown.mp3.asd
2012-10-30 20:38 - 2012-10-30 20:38 - 846126122 ____A C:\Windows\MEMORY.DMP
2012-10-30 20:38 - 2012-10-30 20:38 - 00277416 ____A C:\Windows\Minidump\103012-14508-01.dmp
2012-10-30 20:38 - 2012-09-02 17:22 - 00750920 ____A C:\Windows\PFRO.log
2012-10-30 20:38 - 2009-07-13 20:45 - 00414656 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-29 22:16 - 2012-10-29 22:16 - 00325595 ___AT C:\Users\Kyle\Desktop\11 I Live With You.mp3.asd
2012-10-27 14:16 - 2012-10-27 14:16 - 00771962 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-10-27 14:12 - 2012-10-27 14:12 - 00889416 ____A (Microsoft Corporation) C:\Users\Kyle\Downloads\dotNetFx40_Full_setup.exe
2012-10-27 14:07 - 2012-10-24 11:57 - 00003021 ____A C:\Users\Kyle\Desktop\Microsoft Word 2010.lnk
2012-10-24 20:43 - 2012-08-30 08:54 - 00108840 ____A C:\Users\Kyle\AppData\Local\GDIPFONTCACHEV1.DAT
2012-10-24 11:58 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-10-24 01:44 - 2012-10-24 01:48 - 44761957 ____A C:\Users\Kyle\Desktop\Dan Deacon by Kyle.m4a
2012-10-24 01:44 - 2012-10-24 01:44 - 00360523 ___AT C:\Users\Kyle\Desktop\Dan Deacon by Kyle.wav.asd
2012-10-24 01:43 - 2012-10-24 01:43 - 52822944 ___AT C:\Users\Kyle\Desktop\Dan Deacon by Kyle.wav
2012-10-23 12:50 - 2012-10-23 12:50 - 00580051 ___AT C:\Users\Kyle\Desktop\Elena - Juana Molina.mp3.asd
2012-10-23 00:02 - 2012-10-23 00:02 - 00599263 ___AT C:\Users\Kyle\Desktop\Elena 1.m4a.asd
2012-10-22 13:03 - 2012-10-22 13:01 - 28257789 ____A C:\Users\Kyle\Downloads\ESPN RSMB.zip
2012-10-17 15:05 - 2012-10-17 15:05 - 00001799 ____A C:\Users\Kyle\Desktop\Spotify.lnk
2012-10-17 15:04 - 2012-10-17 15:04 - 17617480 ____A (Spotify Ltd) C:\Users\Kyle\Downloads\Spotify Installer.exe
2012-10-12 10:15 - 2012-10-12 10:15 - 20865884 ____A C:\Users\Kyle\Desktop\Tittays.m4a
2012-10-12 10:15 - 2012-10-12 10:15 - 00346271 ___AT C:\Users\Kyle\Desktop\A cure.aif.asd
2012-10-12 10:14 - 2012-10-12 10:07 - 30044958 ___AT C:\Users\Kyle\Desktop\A cure.aif
2012-10-12 10:10 - 2012-10-12 10:10 - 38159697 ____A C:\Users\Kyle\Desktop\A cure.m4a
2012-10-12 04:43 - 2012-10-12 04:43 - 00833024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2012-10-12 04:43 - 2012-10-12 04:43 - 00410624 ____A C:\Windows\SysWOW64\systemcpl.dll
2012-10-12 04:43 - 2012-10-12 04:43 - 00113543 ____A C:\Windows\SysWOW64\slmgr.vbs
2012-10-12 04:43 - 2012-10-12 04:43 - 00113543 ____A C:\Windows\System32\slmgr.vbs
2012-10-12 04:43 - 2012-10-12 04:43 - 00002048 ____A C:\Windows\SysWOW64\winver.exe
2012-10-12 04:43 - 2012-10-12 04:43 - 00001536 ____A C:\Windows\SysWOW64\sppcomapi.dll
2012-10-12 04:41 - 2012-10-12 04:40 - 13150218 ____A C:\Users\Kyle\Downloads\Remove WAT(1).rar
2012-10-12 03:32 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-10-12 03:32 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-10-11 23:19 - 2012-10-11 23:19 - 02279676 ___AT C:\Users\Kyle\Desktop\Avey.wav
2012-10-11 23:19 - 2012-10-11 23:19 - 00029675 ___AT C:\Users\Kyle\Desktop\Avey.wav.asd
2012-10-10 00:11 - 2012-10-10 00:11 - 00373279 ___AT C:\Users\Kyle\Desktop\08. A Cure.mp3.asd
2012-10-09 02:05 - 2012-10-09 02:05 - 00055175 ___AT C:\Users\Kyle\Desktop\01 Alan Lomax Speaking To Charles Ku.m4a.asd
2012-10-09 01:56 - 2012-10-09 01:56 - 00513415 ___AT C:\Users\Kyle\Desktop\01 Te Deum - Te Deum Laudamus.m4a.asd
2012-10-08 21:43 - 2012-10-08 21:42 - 13085120 ____A (Microsoft Corporation) C:\Users\Kyle\Downloads\Silverlight_x64.exe
2012-10-08 21:28 - 2012-09-02 17:17 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-08 21:28 - 2012-09-02 17:17 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-27 23:18 - 2012-10-12 03:28 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-27 19:23 - 2012-09-27 19:23 - 00002892 ____A () C:\Windows\SysWOW64\audcon.sys
2012-09-27 19:23 - 2012-09-27 19:23 - 00000051 ____A C:\Windows\SysWOW64\SYNSOPOS.exe.cfg
2012-09-27 19:23 - 2012-09-02 17:46 - 00012564 ____A C:\Windows\DPINST.LOG
2012-09-27 19:18 - 2012-09-27 19:17 - 00000460 ____A C:\Windows\Tasks\At1.job
2012-09-27 19:09 - 2012-09-27 19:09 - 01005294 ____A C:\Windows\SysWOW64\TmpA2486141
2012-09-27 18:38 - 2012-09-27 18:38 - 01005294 ____A C:\Windows\SysWOW64\TmpA629760
2012-09-27 18:26 - 2012-09-27 18:26 - 01005294 ____A C:\Windows\SysWOW64\TmpA112761937
2012-09-24 15:10 - 2012-09-24 15:04 - 117456919 ____A C:\Users\Kyle\Downloads\BLP0dc2044b616a450e1913d7f64b67c2a1.zip
2012-09-24 14:14 - 2012-09-24 14:14 - 16409960 ____A (Safer Networking Limited ) C:\Users\Kyle\Downloads\spybotsd162.exe
2012-09-22 01:02 - 2012-09-22 01:02 - 00142419 ___AT C:\Users\Kyle\Desktop\Easier.m4a.asd
2012-09-22 01:02 - 2012-09-22 01:02 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-09-22 01:01 - 2012-09-22 00:59 - 39483256 ____A (Apple Inc.) C:\Users\Kyle\Downloads\QuickTimeInstaller.exe
2012-09-19 23:57 - 2012-09-19 23:57 - 00332227 ___AT C:\Users\Kyle\Desktop\10 Naomi.mp3.asd
2012-09-19 00:32 - 2012-09-19 00:32 - 01078731 ___RA C:\Users\Kyle\Desktop\Resources.xpak
2012-09-18 23:36 - 2012-09-18 23:36 - 00004258 ____A C:\Users\Kyle\Desktop\WavesTune Output.mid
2012-09-18 09:57 - 2012-09-18 09:57 - 00376875 ___AT C:\Users\Kyle\Desktop\01 Even Spring.mp3.asd
2012-09-18 09:38 - 2012-09-18 09:38 - 00406528 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\ReWire.dll
2012-09-18 09:38 - 2012-09-18 09:38 - 00338432 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\REX Shared Library.dll
2012-09-16 15:35 - 2012-09-16 15:30 - 74881004 ____A C:\Users\Kyle\Downloads\Breakup Song (rip).zip
2012-09-14 11:19 - 2012-10-12 03:22 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-12 03:22 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-10 23:28 - 2012-09-10 23:28 - 04978824 ____A (FLAC To MP3, http://www.FlacMP3.net/ ) C:\Users\Kyle\Downloads\flac2mp3.exe
2012-09-10 22:33 - 2012-09-10 22:31 - 13150218 ____A C:\Users\Kyle\Downloads\Remove WAT.rar
2012-09-10 22:22 - 2012-09-10 22:22 - 01716425 ____A C:\Users\Kyle\Downloads\WGA-Remover-2012-Fixexe.zip
2012-09-08 10:38 - 2012-09-08 10:37 - 12343816 ____A (M-Audio, a division of Avid Technology, Inc.) C:\Users\Kyle\Downloads\Install M-Audio ProFire 6_0_9.exe
2012-09-08 00:06 - 2012-09-05 10:16 - 00062396 ____A C:\Windows\DirectX.log
2012-09-06 19:17 - 2012-09-06 19:17 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-09-06 19:17 - 2012-09-06 19:17 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-09-06 19:17 - 2012-09-06 19:17 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-09-06 19:17 - 2012-09-06 19:17 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-09-06 19:17 - 2012-09-06 19:17 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-09-06 19:17 - 2012-09-06 19:17 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-09-06 19:17 - 2012-09-06 19:17 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-09-06 19:17 - 2012-09-06 19:17 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-09-06 19:17 - 2012-09-06 19:17 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-09-06 19:17 - 2012-09-06 19:17 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-09-06 19:17 - 2012-09-06 19:17 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-09-06 19:17 - 2012-09-06 19:17 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-09-06 19:17 - 2012-09-06 19:17 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-09-06 19:17 - 2012-09-06 19:17 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-09-06 19:17 - 2012-09-06 19:17 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-09-06 19:17 - 2012-09-06 19:17 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-09-06 19:17 - 2012-09-06 19:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-09-06 19:17 - 2012-09-06 19:17 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-09-06 19:17 - 2012-09-06 19:17 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-09-06 19:17 - 2012-09-06 19:17 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-09-06 19:17 - 2012-09-06 19:17 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-09-06 19:17 - 2012-09-06 19:10 - 00003797 ____A C:\Windows\IE9_main.log
2012-09-05 16:14 - 2012-09-05 16:13 - 09860056 ____A (MusicBrainz) C:\Users\Kyle\Downloads\picard-setup-1.1.exe
2012-09-05 12:49 - 2012-09-05 12:49 - 00000216 ____A C:\Users\Kyle\Desktop\MLB 2K12.url
2012-09-05 12:48 - 2012-09-05 12:48 - 00000216 ____A C:\Users\Kyle\Desktop\L.A. Noire.url
2012-09-05 12:41 - 2012-09-05 12:41 - 00000686 ____A C:\Users\Public\Desktop\Steam.lnk
2012-09-05 09:59 - 2012-09-05 09:59 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-05 00:13 - 2012-09-02 16:46 - 00560184 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
2012-09-02 22:44 - 2012-09-02 22:44 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-09-02 18:33 - 2012-09-02 18:33 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-09-02 18:33 - 2012-09-02 18:33 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-09-02 18:33 - 2012-09-02 18:33 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-09-02 17:48 - 2012-09-02 16:43 - 00054665 ____A C:\Windows\Ascd_log.ini
2012-09-02 17:47 - 2012-09-02 17:47 - 00000086 ____A C:\Windows\imsm.log
2012-09-02 17:47 - 2012-09-02 17:47 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2012-09-02 17:46 - 2012-09-02 17:45 - 00000086 ____A C:\Windows\MEI.log
2012-09-02 17:44 - 2012-09-02 17:42 - 00002169 ____A C:\RHDSetup.log
2012-09-02 17:44 - 2012-09-02 17:42 - 00000206 ____A C:\Windows\audio.log
2012-09-02 17:40 - 2012-09-02 17:40 - 00002255 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-09-02 17:37 - 2012-09-02 16:37 - 00038744 ____A C:\Windows\Ascd_tmp.ini
2012-09-02 17:37 - 2012-09-02 16:37 - 00001769 ____A C:\Windows\Language_trs.ini
2012-09-02 17:03 - 2012-09-02 17:03 - 00896912 ____A (BitTorrent, Inc.) C:\Users\Kyle\Desktop\uTorrent.exe
2012-09-02 16:59 - 2012-09-02 16:59 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-02 16:46 - 2012-09-02 16:46 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ICCWDT_01009.Wdf
2012-09-02 16:43 - 2012-09-02 16:43 - 00000186 ____A C:\Windows\lan.log
2012-09-02 16:31 - 2012-09-02 16:31 - 00000000 ____A C:\Windows\ativpsrm.bin
2012-09-01 00:33 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-09-01 00:33 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-08-31 23:35 - 2012-08-31 23:35 - 00001313 ____A C:\Windows\TSSysprep.log
2012-08-31 23:35 - 2012-08-31 23:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-08-31 23:35 - 2009-07-13 20:46 - 00001774 ____A C:\Windows\DtcInstall.log
2012-08-30 10:03 - 2012-10-12 03:22 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:12 - 2012-10-12 03:22 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:12 - 2012-10-12 03:22 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-30 08:40 - 2012-08-30 08:40 - 00000020 ___SH C:\Users\Kyle\ntuser.ini
2012-08-25 15:16 - 2012-08-25 15:13 - 00000108 ____A C:\Users\Kyle\Downloads\ReadMe and Comment.html
2012-08-25 15:16 - 2012-08-25 15:13 - 00000089 ____A C:\Users\Kyle\Downloads\Download RegistryEasy to Fix Windows.html
2012-08-24 14:43 - 2012-08-24 14:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-08-24 10:05 - 2012-10-12 03:22 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 08:57 - 2012-10-12 03:22 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 03:15 - 2012-10-12 03:27 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-10-12 03:27 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-10-12 03:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-10-12 03:27 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-10-12 03:27 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-10-12 03:27 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-10-12 03:27 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-10-12 03:27 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-10-12 03:27 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-10-12 03:27 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-10-12 03:27 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-10-12 03:27 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-10-12 03:27 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-10-12 03:27 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-10-12 03:27 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-10-12 03:27 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-10-12 03:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-10-12 03:27 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-10-12 03:27 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-10-12 03:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-10-12 03:27 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-10-12 03:27 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-10-12 03:27 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-10-12 03:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-10-12 03:27 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-10-12 03:27 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-10-12 03:27 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-10-12 03:27 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-10-12 03:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-10-12 03:27 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-10-12 03:27 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-10-12 03:27 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-10 16:56 - 2012-10-12 03:22 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:56 - 2012-10-12 03:22 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

ZeroAccess:
C:\Windows\Installer\{0aaae9d4-1845-58c1-a35b-3b645d409b85}
C:\Windows\Installer\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\@
C:\Windows\Installer\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\L
C:\Windows\Installer\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\U
C:\Windows\Installer\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\L\00000004.@
C:\Windows\Installer\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\L\201d3dde
C:\Windows\Installer\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\U\00000004.@
C:\Windows\Installer\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\U\00000008.@
C:\Windows\Installer\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\U\000000cb.@
C:\Windows\Installer\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\U\80000000.@
C:\Windows\Installer\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\U\80000032.@
C:\Windows\Installer\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll
[2012-09-07 16:52] - [2010-11-20 05:27] - 1008640 ____A (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E

C:\Windows\SysWOW64\User32.dll
[2012-10-12 04:43] - [2012-10-12 04:43] - 0833024 ____A (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-27 14:07:32
Restore point made on: 2012-11-03 12:22:05

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16339.57 MB
Available physical RAM: 15034.54 MB
Total Pagefile: 16337.72 MB
Available Pagefile: 15106.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:119.14 GB) (Free:49.64 GB) NTFS
2 Drive d: (Local Disk) (Fixed) (Total:931.51 GB) (Free:639.17 GB) NTFS
3 Drive f: (Devil_and_Daniel_Johnston) (CDROM) (Total:7.58 GB) (Free:0 GB) UDF
4 Drive g: () (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 119 GB 0 B
Disk 1 Online 931 GB 0 B
Disk 2 Online 1911 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 119 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 119 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Local Disk NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1910 MB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 1910 MB Healthy

=========================================================

Last Boot: 2012-10-26 02:59

==================== End Of Log =============================
 
Farbar Recovery Scan Tool (x64) Version: 30-10-2012
Ran by SYSTEM at 2012-11-04 10:13:34
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next...

Restart normally.

=====================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

==================================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=====================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

===============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 

Attachments

  • fixlist.txt
    384 bytes · Views: 1
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2012
Ran by SYSTEM at 2012-11-04 10:41:04 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
C:\Windows\Installer\{0aaae9d4-1845-58c1-a35b-3b645d409b85} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
 
10:45:12.0307 1588 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:45:12.0915 1588 ============================================================
10:45:12.0915 1588 Current date / time: 2012/11/04 10:45:12.0915
10:45:12.0915 1588 SystemInfo:
10:45:12.0915 1588
10:45:12.0915 1588 OS Version: 6.1.7601 ServicePack: 1.0
10:45:12.0915 1588 Product type: Workstation
10:45:12.0915 1588 ComputerName: KYLE-PC
10:45:12.0915 1588 UserName: Kyle
10:45:12.0915 1588 Windows directory: C:\Windows
10:45:12.0915 1588 System windows directory: C:\Windows
10:45:12.0915 1588 Running under WOW64
10:45:12.0915 1588 Processor architecture: Intel x64
10:45:12.0915 1588 Number of processors: 8
10:45:12.0915 1588 Page size: 0x1000
10:45:12.0915 1588 Boot type: Normal boot
10:45:12.0915 1588 ============================================================
10:45:13.0178 1588 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:45:13.0180 1588 Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:45:13.0185 1588 Drive \Device\Harddisk2\DR2 - Size: 0x77700000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:45:13.0186 1588 ============================================================
10:45:13.0186 1588 \Device\Harddisk0\DR0:
10:45:13.0186 1588 MBR partitions:
10:45:13.0186 1588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
10:45:13.0186 1588 \Device\Harddisk1\DR1:
10:45:13.0188 1588 MBR partitions:
10:45:13.0188 1588 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:45:13.0188 1588 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
10:45:13.0188 1588 \Device\Harddisk2\DR2:
10:45:13.0188 1588 MBR partitions:
10:45:13.0188 1588 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3BB7E0
10:45:13.0188 1588 ============================================================
10:45:13.0190 1588 C: <-> \Device\Harddisk1\DR1\Partition2
10:45:13.0210 1588 A: <-> \Device\Harddisk0\DR0\Partition1
10:45:13.0210 1588 ============================================================
10:45:13.0210 1588 Initialize success
10:45:13.0210 1588 ============================================================
10:45:17.0698 5244 ============================================================
10:45:17.0698 5244 Scan started
10:45:17.0698 5244 Mode: Manual;
10:45:17.0698 5244 ============================================================
10:45:17.0879 5244 ================ Scan system memory ========================
10:45:17.0879 5244 System memory - ok
10:45:17.0879 5244 ================ Scan services =============================
10:45:17.0905 5244 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:45:17.0907 5244 1394ohci - ok
10:45:17.0913 5244 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:45:17.0917 5244 ACPI - ok
10:45:17.0920 5244 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:45:17.0921 5244 AcpiPmi - ok
10:45:17.0937 5244 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:45:17.0940 5244 AdobeFlashPlayerUpdateSvc - ok
10:45:17.0948 5244 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:45:17.0953 5244 adp94xx - ok
10:45:17.0959 5244 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:45:17.0962 5244 adpahci - ok
10:45:17.0967 5244 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:45:17.0969 5244 adpu320 - ok
10:45:17.0974 5244 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:45:17.0975 5244 AeLookupSvc - ok
10:45:17.0982 5244 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
10:45:17.0987 5244 AFD - ok
10:45:17.0990 5244 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:45:17.0991 5244 agp440 - ok
10:45:17.0994 5244 [ A41B855EDC1F141851E27F984827942C ] AiCharger C:\Windows\syswow64\drivers\AiCharger.sys
10:45:17.0995 5244 AiCharger - ok
10:45:17.0998 5244 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
10:45:18.0000 5244 ALG - ok
10:45:18.0002 5244 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
10:45:18.0004 5244 aliide - ok
10:45:18.0008 5244 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:45:18.0010 5244 AMD External Events Utility - ok
10:45:18.0012 5244 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
10:45:18.0013 5244 amdide - ok
10:45:18.0016 5244 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
10:45:18.0018 5244 AmdK8 - ok
10:45:18.0132 5244 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
10:45:18.0228 5244 amdkmdag - ok
10:45:18.0235 5244 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
10:45:18.0236 5244 amdkmdap - ok
10:45:18.0239 5244 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
10:45:18.0240 5244 AmdPPM - ok
10:45:18.0243 5244 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:45:18.0244 5244 amdsata - ok
10:45:18.0247 5244 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
10:45:18.0249 5244 amdsbs - ok
10:45:18.0251 5244 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:45:18.0252 5244 amdxata - ok
10:45:18.0254 5244 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
10:45:18.0256 5244 AppID - ok
10:45:18.0258 5244 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:45:18.0259 5244 AppIDSvc - ok
10:45:18.0261 5244 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
10:45:18.0262 5244 Appinfo - ok
10:45:18.0266 5244 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:45:18.0268 5244 Apple Mobile Device - ok
10:45:18.0272 5244 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
10:45:18.0274 5244 AppMgmt - ok
10:45:18.0276 5244 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
10:45:18.0277 5244 arc - ok
10:45:18.0280 5244 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
10:45:18.0281 5244 arcsas - ok
10:45:18.0291 5244 [ F7692E60147E56A1CEEE144974F41830 ] asComSvc C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
10:45:18.0294 5244 asComSvc - ok
10:45:18.0304 5244 [ 0466B91EE5767A769E9F8EDB8EF94DDB ] asHmComSvc C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
10:45:18.0307 5244 asHmComSvc - ok
10:45:18.0309 5244 [ FEF9DD9EA587F8886ADE43C1BEFBDAFE ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
10:45:18.0310 5244 AsIO - ok
10:45:18.0313 5244 [ 22842362DF890F5492F85AA60916A697 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
10:45:18.0313 5244 asmthub3 - ok
10:45:18.0318 5244 [ 08E2D77766CC05E75A0707207D9FC684 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
10:45:18.0320 5244 asmtxhci - ok
10:45:18.0329 5244 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:45:18.0332 5244 aspnet_state - ok
10:45:18.0335 5244 [ AD8947D621FDCA48F1F39F4624B60AA1 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
10:45:18.0336 5244 AsSysCtrlService - ok
10:45:18.0338 5244 [ 1392B92179B07B672720763D9B1028A5 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
10:45:18.0338 5244 AsUpIO - ok
10:45:18.0352 5244 [ B4F550250E33C02E6E71955621F7A0A6 ] AsusFanControlService C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe
10:45:18.0358 5244 AsusFanControlService - ok
10:45:18.0360 5244 [ A5E4CDB420540095D1293C874B5F89AA ] ASUSFILTER C:\Windows\syswow64\drivers\ASUSFILTER.sys
10:45:18.0361 5244 ASUSFILTER - ok
10:45:18.0363 5244 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:45:18.0364 5244 AsyncMac - ok
10:45:18.0366 5244 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
10:45:18.0366 5244 atapi - ok
10:45:18.0370 5244 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
10:45:18.0370 5244 AtiHDAudioService - ok
10:45:18.0378 5244 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:45:18.0383 5244 AudioEndpointBuilder - ok
10:45:18.0390 5244 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:45:18.0392 5244 AudioSrv - ok
10:45:18.0436 5244 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
10:45:18.0454 5244 AVGIDSAgent - ok
10:45:18.0458 5244 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
10:45:18.0458 5244 AVGIDSDriver - ok
10:45:18.0460 5244 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
10:45:18.0460 5244 AVGIDSFilter - ok
10:45:18.0462 5244 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
10:45:18.0462 5244 AVGIDSHA - ok
10:45:18.0467 5244 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
10:45:18.0468 5244 Avgldx64 - ok
10:45:18.0470 5244 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
10:45:18.0471 5244 Avgmfx64 - ok
10:45:18.0473 5244 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
10:45:18.0473 5244 Avgrkx64 - ok
10:45:18.0478 5244 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
10:45:18.0480 5244 Avgtdia - ok
10:45:18.0483 5244 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
10:45:18.0484 5244 avgwd - ok
10:45:18.0487 5244 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:45:18.0488 5244 AxInstSV - ok
10:45:18.0494 5244 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
10:45:18.0498 5244 b06bdrv - ok
10:45:18.0502 5244 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:45:18.0505 5244 b57nd60a - ok
10:45:18.0508 5244 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
10:45:18.0510 5244 BDESVC - ok
10:45:18.0511 5244 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
10:45:18.0512 5244 Beep - ok
10:45:18.0514 5244 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:45:18.0515 5244 blbdrive - ok
10:45:18.0521 5244 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:45:18.0523 5244 Bonjour Service - ok
10:45:18.0525 5244 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:45:18.0526 5244 bowser - ok
10:45:18.0528 5244 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:45:18.0529 5244 BrFiltLo - ok
10:45:18.0531 5244 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:45:18.0531 5244 BrFiltUp - ok
10:45:18.0535 5244 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
10:45:18.0537 5244 Browser - ok
10:45:18.0541 5244 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:45:18.0543 5244 Brserid - ok
10:45:18.0546 5244 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:45:18.0547 5244 BrSerWdm - ok
10:45:18.0548 5244 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:45:18.0549 5244 BrUsbMdm - ok
10:45:18.0551 5244 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:45:18.0552 5244 BrUsbSer - ok
10:45:18.0554 5244 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:45:18.0555 5244 BTHMODEM - ok
10:45:18.0558 5244 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
10:45:18.0560 5244 bthserv - ok
10:45:18.0562 5244 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:45:18.0563 5244 cdfs - ok
10:45:18.0566 5244 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
10:45:18.0568 5244 cdrom - ok
10:45:18.0571 5244 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
10:45:18.0572 5244 CertPropSvc - ok
10:45:18.0574 5244 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:45:18.0576 5244 circlass - ok
10:45:18.0580 5244 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
10:45:18.0583 5244 CLFS - ok
10:45:18.0588 5244 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:45:18.0589 5244 clr_optimization_v2.0.50727_32 - ok
10:45:18.0592 5244 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:45:18.0595 5244 clr_optimization_v2.0.50727_64 - ok
10:45:18.0600 5244 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:45:18.0608 5244 clr_optimization_v4.0.30319_32 - ok
10:45:18.0611 5244 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:45:18.0614 5244 clr_optimization_v4.0.30319_64 - ok
10:45:18.0616 5244 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:45:18.0617 5244 CmBatt - ok
10:45:18.0619 5244 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:45:18.0619 5244 cmdide - ok
10:45:18.0625 5244 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
10:45:18.0628 5244 CNG - ok
10:45:18.0631 5244 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:45:18.0632 5244 Compbatt - ok
10:45:18.0634 5244 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:45:18.0635 5244 CompositeBus - ok
10:45:18.0637 5244 COMSysApp - ok
10:45:18.0639 5244 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:45:18.0640 5244 crcdisk - ok
10:45:18.0644 5244 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:45:18.0646 5244 CryptSvc - ok
10:45:18.0652 5244 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
10:45:18.0655 5244 CSC - ok
10:45:18.0662 5244 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
10:45:18.0667 5244 CscService - ok
10:45:18.0674 5244 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:45:18.0679 5244 DcomLaunch - ok
10:45:18.0683 5244 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
10:45:18.0686 5244 defragsvc - ok
10:45:18.0688 5244 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:45:18.0689 5244 DfsC - ok
10:45:18.0694 5244 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
10:45:18.0697 5244 Dhcp - ok
10:45:18.0699 5244 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
10:45:18.0700 5244 discache - ok
10:45:18.0703 5244 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:45:18.0703 5244 Disk - ok
10:45:18.0707 5244 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:45:18.0709 5244 Dnscache - ok
10:45:18.0713 5244 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:45:18.0716 5244 dot3svc - ok
10:45:18.0719 5244 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
10:45:18.0721 5244 DPS - ok
10:45:18.0722 5244 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:45:18.0723 5244 drmkaud - ok
10:45:18.0733 5244 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:45:18.0737 5244 DXGKrnl - ok
10:45:18.0740 5244 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
10:45:18.0741 5244 EapHost - ok
10:45:18.0768 5244 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
10:45:18.0793 5244 ebdrv - ok
10:45:18.0795 5244 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
10:45:18.0796 5244 EFS - ok
10:45:18.0804 5244 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:45:18.0807 5244 ehRecvr - ok
10:45:18.0810 5244 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
10:45:18.0811 5244 ehSched - ok
10:45:18.0817 5244 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:45:18.0822 5244 elxstor - ok
10:45:18.0824 5244 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:45:18.0825 5244 ErrDev - ok
10:45:18.0832 5244 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
10:45:18.0835 5244 EventSystem - ok
10:45:18.0838 5244 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
10:45:18.0840 5244 exfat - ok
10:45:18.0844 5244 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:45:18.0846 5244 fastfat - ok
10:45:18.0853 5244 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
10:45:18.0856 5244 Fax - ok
10:45:18.0858 5244 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:45:18.0859 5244 fdc - ok
10:45:18.0861 5244 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:45:18.0862 5244 fdPHost - ok
10:45:18.0864 5244 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:45:18.0865 5244 FDResPub - ok
10:45:18.0867 5244 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:45:18.0868 5244 FileInfo - ok
10:45:18.0870 5244 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:45:18.0871 5244 Filetrace - ok
10:45:18.0873 5244 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:45:18.0874 5244 flpydisk - ok
10:45:18.0878 5244 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:45:18.0880 5244 FltMgr - ok
10:45:18.0891 5244 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
10:45:18.0900 5244 FontCache - ok
10:45:18.0903 5244 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:45:18.0903 5244 FontCache3.0.0.0 - ok
10:45:18.0905 5244 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:45:18.0906 5244 FsDepends - ok
10:45:18.0908 5244 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:45:18.0909 5244 Fs_Rec - ok
10:45:18.0913 5244 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:45:18.0914 5244 fvevol - ok
10:45:18.0917 5244 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:45:18.0918 5244 gagp30kx - ok
10:45:18.0920 5244 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:45:18.0921 5244 GEARAspiWDM - ok
10:45:18.0929 5244 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
10:45:18.0935 5244 gpsvc - ok
10:45:18.0937 5244 gupdate - ok
10:45:18.0938 5244 gupdatem - ok
10:45:18.0941 5244 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:45:18.0942 5244 hcw85cir - ok
10:45:18.0947 5244 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:45:18.0950 5244 HdAudAddService - ok
10:45:18.0953 5244 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:45:18.0954 5244 HDAudBus - ok
10:45:18.0956 5244 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:45:18.0957 5244 HidBatt - ok
10:45:18.0960 5244 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:45:18.0961 5244 HidBth - ok
10:45:18.0963 5244 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:45:18.0965 5244 HidIr - ok
10:45:18.0967 5244 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
10:45:18.0968 5244 hidserv - ok
10:45:18.0970 5244 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
10:45:18.0971 5244 HidUsb - ok
10:45:18.0988 5244 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:45:19.0043 5244 hkmsvc - ok
10:45:19.0049 5244 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:45:19.0054 5244 HomeGroupListener - ok
10:45:19.0059 5244 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:45:19.0063 5244 HomeGroupProvider - ok
10:45:19.0067 5244 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:45:19.0069 5244 HpSAMD - ok
10:45:19.0081 5244 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:45:19.0087 5244 HTTP - ok
10:45:19.0091 5244 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:45:19.0092 5244 hwpolicy - ok
10:45:19.0096 5244 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
10:45:19.0098 5244 i8042prt - ok
10:45:19.0107 5244 [ D1753C06EE17E29352B065EACF3F10D0 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
10:45:19.0110 5244 iaStor - ok
10:45:19.0113 5244 [ 545462D0DBE24AF379BA869B7C185CCD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:45:19.0114 5244 IAStorDataMgrSvc - ok
10:45:19.0120 5244 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:45:19.0124 5244 iaStorV - ok
10:45:19.0128 5244 [ 90D95B25F8413F937A2E155F196D892C ] ICCS C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
10:45:19.0129 5244 ICCS - ok
10:45:19.0131 5244 [ C1010ADD3DDAE1196ED21057AF7B2AAE ] ICCWDT C:\Windows\system32\DRIVERS\ICCWDT.sys
10:45:19.0132 5244 ICCWDT - ok
10:45:19.0142 5244 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:45:19.0146 5244 idsvc - ok
10:45:19.0149 5244 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:45:19.0151 5244 iirsp - ok
10:45:19.0160 5244 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
10:45:19.0168 5244 IKEEXT - ok
10:45:19.0224 5244 [ 5F6A3EA5BD7CA861863A3A06CECC115C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:45:19.0244 5244 IntcAzAudAddService - ok
10:45:19.0252 5244 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
10:45:19.0255 5244 Intel(R) Capability Licensing Service Interface - ok
10:45:19.0257 5244 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
10:45:19.0258 5244 intelide - ok
10:45:19.0260 5244 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:45:19.0260 5244 intelppm - ok
10:45:19.0263 5244 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:45:19.0264 5244 IPBusEnum - ok
10:45:19.0267 5244 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:45:19.0268 5244 IpFilterDriver - ok
10:45:19.0270 5244 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:45:19.0271 5244 IPMIDRV - ok
10:45:19.0274 5244 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:45:19.0276 5244 IPNAT - ok
10:45:19.0285 5244 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:45:19.0288 5244 iPod Service - ok
10:45:19.0290 5244 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:45:19.0291 5244 IRENUM - ok
10:45:19.0293 5244 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:45:19.0294 5244 isapnp - ok
10:45:19.0298 5244 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:45:19.0300 5244 iScsiPrt - ok
10:45:19.0302 5244 [ 846354992EBB373F452EB9182D501B08 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
10:45:19.0303 5244 iusb3hcs - ok
10:45:19.0308 5244 [ 1D88A23853387D34D52CC8F9DDBFC56C ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
10:45:19.0309 5244 iusb3hub - ok
10:45:19.0317 5244 [ FC5EFD7C797DF19DFB999F0605A7924E ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
10:45:19.0320 5244 iusb3xhc - ok
10:45:19.0324 5244 [ 16FB3C63287DC1E0061101012844F26F ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
10:45:19.0324 5244 jhi_service - ok
10:45:19.0327 5244 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
10:45:19.0327 5244 kbdclass - ok
10:45:19.0329 5244 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
10:45:19.0330 5244 kbdhid - ok
10:45:19.0332 5244 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
10:45:19.0333 5244 KeyIso - ok
10:45:19.0335 5244 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:45:19.0336 5244 KSecDD - ok
10:45:19.0339 5244 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:45:19.0340 5244 KSecPkg - ok
10:45:19.0342 5244 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:45:19.0343 5244 ksthunk - ok
10:45:19.0348 5244 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:45:19.0351 5244 KtmRm - ok
10:45:19.0355 5244 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
10:45:19.0358 5244 LanmanServer - ok
10:45:19.0361 5244 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:45:19.0363 5244 LanmanWorkstation - ok
10:45:19.0365 5244 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:45:19.0366 5244 lltdio - ok
10:45:19.0371 5244 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:45:19.0374 5244 lltdsvc - ok
10:45:19.0376 5244 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:45:19.0377 5244 lmhosts - ok
10:45:19.0381 5244 [ 8D7E37CDE7393D59C46A3A61D30C6228 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:45:19.0383 5244 LMS - ok
10:45:19.0386 5244 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:45:19.0388 5244 LSI_FC - ok
10:45:19.0390 5244 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:45:19.0392 5244 LSI_SAS - ok
10:45:19.0394 5244 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:45:19.0395 5244 LSI_SAS2 - ok
 
10:45:19.0397 5244 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:45:19.0399 5244 LSI_SCSI - ok
10:45:19.0401 5244 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:45:19.0402 5244 luafv - ok
10:45:19.0407 5244 [ 7212995303FB21E44457E0302CA59B65 ] MAFWPROFIRE C:\Windows\system32\DRIVERS\MAudioProFire.sys
10:45:19.0408 5244 MAFWPROFIRE - ok
10:45:19.0410 5244 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:45:19.0412 5244 Mcx2Svc - ok
10:45:19.0414 5244 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:45:19.0415 5244 megasas - ok
10:45:19.0420 5244 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:45:19.0422 5244 MegaSR - ok
10:45:19.0425 5244 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
10:45:19.0425 5244 MEIx64 - ok
10:45:19.0428 5244 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:45:19.0429 5244 MMCSS - ok
10:45:19.0431 5244 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:45:19.0432 5244 Modem - ok
10:45:19.0434 5244 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:45:19.0434 5244 monitor - ok
10:45:19.0436 5244 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
10:45:19.0437 5244 mouclass - ok
10:45:19.0439 5244 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:45:19.0439 5244 mouhid - ok
10:45:19.0442 5244 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:45:19.0443 5244 mountmgr - ok
10:45:19.0447 5244 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:45:19.0449 5244 MozillaMaintenance - ok
10:45:19.0452 5244 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:45:19.0454 5244 mpio - ok
10:45:19.0456 5244 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:45:19.0458 5244 mpsdrv - ok
10:45:19.0461 5244 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:45:19.0463 5244 MRxDAV - ok
10:45:19.0466 5244 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:45:19.0467 5244 mrxsmb - ok
10:45:19.0471 5244 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:45:19.0472 5244 mrxsmb10 - ok
10:45:19.0475 5244 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:45:19.0475 5244 mrxsmb20 - ok
10:45:19.0477 5244 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:45:19.0478 5244 msahci - ok
10:45:19.0481 5244 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:45:19.0482 5244 msdsm - ok
10:45:19.0485 5244 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:45:19.0487 5244 MSDTC - ok
10:45:19.0491 5244 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:45:19.0491 5244 Msfs - ok
10:45:19.0493 5244 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:45:19.0494 5244 mshidkmdf - ok
10:45:19.0496 5244 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:45:19.0496 5244 msisadrv - ok
10:45:19.0499 5244 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:45:19.0501 5244 MSiSCSI - ok
10:45:19.0503 5244 msiserver - ok
10:45:19.0505 5244 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:45:19.0506 5244 MSKSSRV - ok
10:45:19.0508 5244 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:45:19.0509 5244 MSPCLOCK - ok
10:45:19.0510 5244 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:45:19.0511 5244 MSPQM - ok
10:45:19.0516 5244 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:45:19.0518 5244 MsRPC - ok
10:45:19.0521 5244 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:45:19.0522 5244 mssmbios - ok
10:45:19.0524 5244 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:45:19.0525 5244 MSTEE - ok
10:45:19.0526 5244 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:45:19.0527 5244 MTConfig - ok
10:45:19.0529 5244 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:45:19.0530 5244 Mup - ok
10:45:19.0535 5244 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:45:19.0540 5244 napagent - ok
10:45:19.0544 5244 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:45:19.0547 5244 NativeWifiP - ok
10:45:19.0557 5244 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
10:45:19.0564 5244 NDIS - ok
10:45:19.0566 5244 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:45:19.0567 5244 NdisCap - ok
10:45:19.0569 5244 [ DE4CEF317628F50B576673964A8C712B ] ndisrd C:\Windows\system32\DRIVERS\ndisrd.sys
10:45:19.0570 5244 ndisrd - ok
10:45:19.0572 5244 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:45:19.0573 5244 NdisTapi - ok
10:45:19.0575 5244 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:45:19.0575 5244 Ndisuio - ok
10:45:19.0579 5244 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:45:19.0580 5244 NdisWan - ok
10:45:19.0582 5244 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:45:19.0583 5244 NDProxy - ok
10:45:19.0585 5244 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:45:19.0586 5244 NetBIOS - ok
10:45:19.0590 5244 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:45:19.0591 5244 NetBT - ok
10:45:19.0593 5244 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:45:19.0594 5244 Netlogon - ok
10:45:19.0599 5244 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:45:19.0602 5244 Netman - ok
10:45:19.0605 5244 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:45:19.0608 5244 NetMsmqActivator - ok
10:45:19.0610 5244 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:45:19.0611 5244 NetPipeActivator - ok
10:45:19.0616 5244 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:45:19.0620 5244 netprofm - ok
10:45:19.0622 5244 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:45:19.0623 5244 NetTcpActivator - ok
10:45:19.0625 5244 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:45:19.0626 5244 NetTcpPortSharing - ok
10:45:19.0628 5244 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:45:19.0629 5244 nfrd960 - ok
10:45:19.0634 5244 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:45:19.0637 5244 NlaSvc - ok
10:45:19.0639 5244 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:45:19.0639 5244 Npfs - ok
10:45:19.0641 5244 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:45:19.0642 5244 nsi - ok
10:45:19.0644 5244 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:45:19.0645 5244 nsiproxy - ok
10:45:19.0661 5244 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:45:19.0672 5244 Ntfs - ok
10:45:19.0675 5244 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:45:19.0675 5244 Null - ok
10:45:19.0678 5244 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:45:19.0680 5244 nvraid - ok
10:45:19.0683 5244 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:45:19.0685 5244 nvstor - ok
10:45:19.0688 5244 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:45:19.0689 5244 nv_agp - ok
10:45:19.0692 5244 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:45:19.0693 5244 ohci1394 - ok
10:45:19.0698 5244 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:45:19.0700 5244 ose - ok
10:45:19.0740 5244 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:45:19.0775 5244 osppsvc - ok
10:45:19.0781 5244 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:45:19.0784 5244 p2pimsvc - ok
10:45:19.0790 5244 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:45:19.0794 5244 p2psvc - ok
10:45:19.0796 5244 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:45:19.0798 5244 Parport - ok
10:45:19.0800 5244 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:45:19.0801 5244 partmgr - ok
10:45:19.0804 5244 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:45:19.0807 5244 PcaSvc - ok
10:45:19.0810 5244 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:45:19.0812 5244 pci - ok
10:45:19.0813 5244 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:45:19.0814 5244 pciide - ok
10:45:19.0818 5244 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:45:19.0820 5244 pcmcia - ok
10:45:19.0822 5244 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:45:19.0823 5244 pcw - ok
10:45:19.0829 5244 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:45:19.0834 5244 PEAUTH - ok
10:45:19.0846 5244 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
10:45:19.0856 5244 PeerDistSvc - ok
10:45:19.0870 5244 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:45:19.0871 5244 PerfHost - ok
10:45:19.0886 5244 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:45:19.0897 5244 pla - ok
10:45:19.0902 5244 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:45:19.0906 5244 PlugPlay - ok
10:45:19.0908 5244 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:45:19.0910 5244 PNRPAutoReg - ok
10:45:19.0914 5244 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:45:19.0916 5244 PNRPsvc - ok
10:45:19.0921 5244 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:45:19.0926 5244 PolicyAgent - ok
10:45:19.0930 5244 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:45:19.0932 5244 Power - ok
10:45:19.0935 5244 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:45:19.0935 5244 PptpMiniport - ok
10:45:19.0938 5244 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:45:19.0939 5244 Processor - ok
10:45:19.0942 5244 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
10:45:19.0945 5244 ProfSvc - ok
10:45:19.0947 5244 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:45:19.0948 5244 ProtectedStorage - ok
10:45:19.0951 5244 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:45:19.0952 5244 Psched - ok
10:45:19.0965 5244 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:45:19.0976 5244 ql2300 - ok
10:45:19.0979 5244 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:45:19.0981 5244 ql40xx - ok
10:45:19.0985 5244 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:45:19.0988 5244 QWAVE - ok
10:45:19.0990 5244 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:45:19.0991 5244 QWAVEdrv - ok
10:45:19.0992 5244 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:45:19.0993 5244 RasAcd - ok
10:45:19.0996 5244 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:45:19.0997 5244 RasAgileVpn - ok
10:45:19.0999 5244 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:45:20.0001 5244 RasAuto - ok
10:45:20.0004 5244 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:45:20.0005 5244 Rasl2tp - ok
10:45:20.0009 5244 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:45:20.0013 5244 RasMan - ok
10:45:20.0015 5244 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:45:20.0017 5244 RasPppoe - ok
10:45:20.0019 5244 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:45:20.0020 5244 RasSstp - ok
10:45:20.0025 5244 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:45:20.0026 5244 rdbss - ok
10:45:20.0028 5244 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:45:20.0029 5244 rdpbus - ok
10:45:20.0031 5244 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:45:20.0031 5244 RDPCDD - ok
10:45:20.0035 5244 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
10:45:20.0036 5244 RDPDR - ok
10:45:20.0039 5244 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:45:20.0039 5244 RDPENCDD - ok
10:45:20.0042 5244 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:45:20.0042 5244 RDPREFMP - ok
10:45:20.0046 5244 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:45:20.0047 5244 RdpVideoMiniport - ok
10:45:20.0051 5244 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:45:20.0053 5244 RDPWD - ok
10:45:20.0057 5244 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:45:20.0059 5244 rdyboost - ok
10:45:20.0062 5244 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:45:20.0063 5244 RemoteAccess - ok
10:45:20.0066 5244 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:45:20.0069 5244 RemoteRegistry - ok
10:45:20.0071 5244 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:45:20.0072 5244 RpcEptMapper - ok
10:45:20.0074 5244 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:45:20.0075 5244 RpcLocator - ok
10:45:20.0081 5244 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:45:20.0083 5244 RpcSs - ok
10:45:20.0086 5244 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:45:20.0087 5244 rspndr - ok
10:45:20.0094 5244 [ 8181B5E7BFC040E0B26349C73E719335 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
10:45:20.0097 5244 RTL8167 - ok
10:45:20.0099 5244 [ E16B7C030A05EF649B18FAB0A93D871F ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys
10:45:20.0099 5244 RtNdPt60 - ok
10:45:20.0101 5244 [ 1DE78F5008120CD79B34C12394DCD493 ] RTTEAMPT C:\Windows\system32\DRIVERS\RtTeam60.sys
10:45:20.0107 5244 RTTEAMPT - ok
10:45:20.0109 5244 [ ED0624ED83121E1BC141F49B1316CAA0 ] RTVLANPT C:\Windows\system32\DRIVERS\RtVlan620.sys
10:45:20.0110 5244 RTVLANPT - ok
10:45:20.0112 5244 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
10:45:20.0113 5244 s3cap - ok
10:45:20.0115 5244 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:45:20.0116 5244 SamSs - ok
10:45:20.0118 5244 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:45:20.0120 5244 sbp2port - ok
10:45:20.0132 5244 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
10:45:20.0140 5244 SBSDWSCService - ok
10:45:20.0144 5244 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:45:20.0147 5244 SCardSvr - ok
10:45:20.0149 5244 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:45:20.0149 5244 scfilter - ok
10:45:20.0159 5244 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:45:20.0168 5244 Schedule - ok
10:45:20.0171 5244 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:45:20.0171 5244 SCPolicySvc - ok
10:45:20.0174 5244 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:45:20.0177 5244 SDRSVC - ok
10:45:20.0179 5244 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:45:20.0180 5244 secdrv - ok
10:45:20.0182 5244 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:45:20.0183 5244 seclogon - ok
10:45:20.0186 5244 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
10:45:20.0187 5244 SENS - ok
10:45:20.0189 5244 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:45:20.0191 5244 SensrSvc - ok
10:45:20.0193 5244 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:45:20.0194 5244 Serenum - ok
10:45:20.0196 5244 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:45:20.0198 5244 Serial - ok
10:45:20.0200 5244 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:45:20.0201 5244 sermouse - ok
10:45:20.0207 5244 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:45:20.0209 5244 SessionEnv - ok
10:45:20.0211 5244 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:45:20.0212 5244 sffdisk - ok
10:45:20.0214 5244 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:45:20.0215 5244 sffp_mmc - ok
10:45:20.0216 5244 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:45:20.0217 5244 sffp_sd - ok
10:45:20.0219 5244 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:45:20.0220 5244 sfloppy - ok
10:45:20.0226 5244 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:45:20.0229 5244 ShellHWDetection - ok
10:45:20.0232 5244 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:45:20.0233 5244 SiSRaid2 - ok
10:45:20.0236 5244 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:45:20.0237 5244 SiSRaid4 - ok
10:45:20.0239 5244 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:45:20.0241 5244 Smb - ok
10:45:20.0245 5244 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:45:20.0246 5244 SNMPTRAP - ok
10:45:20.0248 5244 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:45:20.0249 5244 spldr - ok
10:45:20.0255 5244 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
10:45:20.0258 5244 Spooler - ok
10:45:20.0286 5244 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:45:20.0312 5244 sppsvc - ok
10:45:20.0316 5244 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:45:20.0317 5244 sppuinotify - ok
10:45:20.0324 5244 [ A15860E920B02C9A7CE8F3A6C2FF1E3A ] sptd C:\Windows\System32\Drivers\sptd.sys
10:45:20.0328 5244 sptd - ok
10:45:20.0334 5244 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:45:20.0336 5244 srv - ok
10:45:20.0341 5244 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:45:20.0343 5244 srv2 - ok
10:45:20.0346 5244 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:45:20.0347 5244 srvnet - ok
10:45:20.0351 5244 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:45:20.0354 5244 SSDPSRV - ok
10:45:20.0356 5244 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:45:20.0358 5244 SstpSvc - ok
10:45:20.0361 5244 Steam Client Service - ok
10:45:20.0364 5244 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:45:20.0365 5244 stexstor - ok
10:45:20.0372 5244 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:45:20.0377 5244 stisvc - ok
10:45:20.0380 5244 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
10:45:20.0380 5244 storflt - ok
10:45:20.0382 5244 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
10:45:20.0383 5244 storvsc - ok
10:45:20.0385 5244 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:45:20.0385 5244 swenum - ok
10:45:20.0391 5244 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:45:20.0396 5244 swprv - ok
10:45:20.0398 5244 Synth3dVsc - ok
10:45:20.0413 5244 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:45:20.0426 5244 SysMain - ok
10:45:20.0429 5244 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:45:20.0431 5244 TabletInputService - ok
10:45:20.0435 5244 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:45:20.0439 5244 TapiSrv - ok
10:45:20.0441 5244 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:45:20.0442 5244 TBS - ok
10:45:20.0458 5244 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:45:20.0465 5244 Tcpip - ok
10:45:20.0482 5244 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:45:20.0489 5244 TCPIP6 - ok
10:45:20.0492 5244 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:45:20.0493 5244 tcpipreg - ok
10:45:20.0495 5244 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:45:20.0496 5244 TDPIPE - ok
10:45:20.0498 5244 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:45:20.0499 5244 TDTCP - ok
10:45:20.0502 5244 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:45:20.0503 5244 tdx - ok
10:45:20.0504 5244 [ 1DE78F5008120CD79B34C12394DCD493 ] TEAM C:\Windows\system32\DRIVERS\RtTeam60.sys
10:45:20.0505 5244 TEAM - ok
10:45:20.0507 5244 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:45:20.0508 5244 TermDD - ok
10:45:20.0515 5244 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:45:20.0521 5244 TermService - ok
10:45:20.0523 5244 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:45:20.0524 5244 Themes - ok
10:45:20.0527 5244 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:45:20.0527 5244 THREADORDER - ok
10:45:20.0531 5244 [ 832F9D02B20DE69C52E81DBE13599EE1 ] Tpkd C:\Windows\system32\drivers\Tpkd.sys
10:45:20.0532 5244 Tpkd - ok
10:45:20.0534 5244 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:45:20.0536 5244 TrkWks - ok
10:45:20.0539 5244 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:45:20.0541 5244 TrustedInstaller - ok
10:45:20.0544 5244 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:45:20.0545 5244 tssecsrv - ok
10:45:20.0547 5244 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:45:20.0548 5244 TsUsbFlt - ok
10:45:20.0550 5244 tsusbhub - ok
10:45:20.0553 5244 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:45:20.0554 5244 tunnel - ok
10:45:20.0556 5244 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:45:20.0557 5244 uagp35 - ok
10:45:20.0562 5244 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:45:20.0563 5244 udfs - ok
10:45:20.0567 5244 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:45:20.0568 5244 UI0Detect - ok
10:45:20.0571 5244 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:45:20.0572 5244 uliagpkx - ok
10:45:20.0574 5244 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
10:45:20.0575 5244 umbus - ok
10:45:20.0578 5244 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:45:20.0579 5244 UmPass - ok
10:45:20.0582 5244 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
10:45:20.0585 5244 UmRdpService - ok
10:45:20.0591 5244 [ F8626F1D56FA417C3B4AB6114D8471D5 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:45:20.0594 5244 UNS - ok
10:45:20.0598 5244 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:45:20.0602 5244 upnphost - ok
10:45:20.0605 5244 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
10:45:20.0606 5244 usbccgp - ok
10:45:20.0609 5244 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:45:20.0610 5244 usbcir - ok
10:45:20.0613 5244 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys
10:45:20.0614 5244 usbehci - ok
10:45:20.0618 5244 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys
10:45:20.0621 5244 usbhub - ok
10:45:20.0623 5244 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:45:20.0624 5244 usbohci - ok
10:45:20.0626 5244 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:45:20.0627 5244 usbprint - ok
10:45:20.0630 5244 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
10:45:20.0631 5244 USBSTOR - ok
10:45:20.0633 5244 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:45:20.0634 5244 usbuhci - ok
10:45:20.0636 5244 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:45:20.0637 5244 UxSms - ok
10:45:20.0639 5244 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:45:20.0640 5244 VaultSvc - ok
10:45:20.0642 5244 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:45:20.0642 5244 vdrvroot - ok
10:45:20.0648 5244 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:45:20.0651 5244 vds - ok
10:45:20.0653 5244 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:45:20.0654 5244 vga - ok
10:45:20.0656 5244 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:45:20.0657 5244 VgaSave - ok
10:45:20.0658 5244 VGPU - ok
10:45:20.0663 5244 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:45:20.0665 5244 vhdmp - ok
10:45:20.0667 5244 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:45:20.0668 5244 viaide - ok
10:45:20.0671 5244 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
10:45:20.0673 5244 vmbus - ok
10:45:20.0675 5244 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
10:45:20.0676 5244 VMBusHID - ok
10:45:20.0678 5244 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:45:20.0679 5244 volmgr - ok
10:45:20.0684 5244 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:45:20.0687 5244 volmgrx - ok
10:45:20.0691 5244 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:45:20.0693 5244 volsnap - ok
10:45:20.0697 5244 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:45:20.0699 5244 vsmraid - ok
10:45:20.0713 5244 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:45:20.0725 5244 VSS - ok
10:45:20.0727 5244 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
10:45:20.0728 5244 vwifibus - ok
10:45:20.0733 5244 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:45:20.0737 5244 W32Time - ok
10:45:20.0740 5244 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:45:20.0741 5244 WacomPen - ok
10:45:20.0744 5244 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:45:20.0745 5244 WANARP - ok
10:45:20.0747 5244 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:45:20.0747 5244 Wanarpv6 - ok
10:45:20.0759 5244 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:45:20.0768 5244 WatAdminSvc - ok
10:45:20.0782 5244 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:45:20.0788 5244 wbengine - ok
10:45:20.0792 5244 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:45:20.0795 5244 WbioSrvc - ok
10:45:20.0800 5244 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:45:20.0804 5244 wcncsvc - ok
10:45:20.0806 5244 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:45:20.0808 5244 WcsPlugInService - ok
10:45:20.0810 5244 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:45:20.0811 5244 Wd - ok
10:45:20.0817 5244 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:45:20.0822 5244 Wdf01000 - ok
10:45:20.0825 5244 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:45:20.0826 5244 WdiServiceHost - ok
10:45:20.0828 5244 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:45:20.0830 5244 WdiSystemHost - ok
10:45:20.0834 5244 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:45:20.0837 5244 WebClient - ok
10:45:20.0841 5244 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:45:20.0843 5244 Wecsvc - ok
10:45:20.0846 5244 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:45:20.0848 5244 wercplsupport - ok
10:45:20.0851 5244 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:45:20.0853 5244 WerSvc - ok
10:45:20.0855 5244 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:45:20.0856 5244 WfpLwf - ok
10:45:20.0858 5244 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:45:20.0858 5244 WIMMount - ok
10:45:20.0862 5244 WinHttpAutoProxySvc - ok
10:45:20.0868 5244 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:45:20.0871 5244 Winmgmt - ok
10:45:20.0888 5244 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:45:20.0903 5244 WinRM - ok
10:45:20.0914 5244 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:45:20.0921 5244 Wlansvc - ok
10:45:20.0924 5244 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:45:20.0924 5244 WmiAcpi - ok
10:45:20.0929 5244 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:45:20.0929 5244 wmiApSrv - ok
10:45:20.0931 5244 WMPNetworkSvc - ok
10:45:20.0933 5244 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:45:20.0935 5244 WPCSvc - ok
10:45:20.0938 5244 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:45:20.0939 5244 WPDBusEnum - ok
10:45:20.0941 5244 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:45:20.0942 5244 ws2ifsl - ok
10:45:20.0944 5244 WSearch - ok
10:45:20.0948 5244 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:45:20.0948 5244 WudfPf - ok
10:45:20.0952 5244 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:45:20.0953 5244 WUDFRd - ok
10:45:20.0955 5244 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:45:20.0957 5244 wudfsvc - ok
10:45:20.0961 5244 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:45:20.0964 5244 WwanSvc - ok
10:45:20.0966 5244 ================ Scan global ===============================
10:45:20.0968 5244 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:45:20.0972 5244 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
10:45:20.0977 5244 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
10:45:20.0980 5244 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:45:20.0985 5244 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:45:20.0987 5244 [Global] - ok
10:45:20.0987 5244 ================ Scan MBR ==================================
10:45:20.0994 5244 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:45:20.0997 5244 \Device\Harddisk0\DR0 - ok
10:45:20.0999 5244 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
10:45:21.0211 5244 \Device\Harddisk1\DR1 - ok
10:45:21.0214 5244 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
10:45:21.0218 5244 \Device\Harddisk2\DR2 - ok
10:45:21.0219 5244 ================ Scan VBR ==================================
10:45:21.0220 5244 [ FC68C32853C9872385301BAC246403D4 ] \Device\Harddisk0\DR0\Partition1
10:45:21.0221 5244 \Device\Harddisk0\DR0\Partition1 - ok
10:45:21.0222 5244 [ 9789D32501E76D938AA8D369EDA264E6 ] \Device\Harddisk1\DR1\Partition1
10:45:21.0223 5244 \Device\Harddisk1\DR1\Partition1 - ok
10:45:21.0225 5244 [ 6D8778497848A51DA8252066A0F7821F ] \Device\Harddisk1\DR1\Partition2
10:45:21.0226 5244 \Device\Harddisk1\DR1\Partition2 - ok
10:45:21.0227 5244 [ 0E9DAA01710622A93E45A93D0441BEA6 ] \Device\Harddisk2\DR2\Partition1
10:45:21.0228 5244 \Device\Harddisk2\DR2\Partition1 - ok
10:45:21.0228 5244 ============================================================
10:45:21.0228 5244 Scan finished
10:45:21.0228 5244 ============================================================
10:45:21.0232 6092 Detected object count: 0
10:45:21.0233 6092 Actual detected object count: 0
 
RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kyle [Admin rights]
Mode : Remove -- Date : 11/04/2012 10:49:33

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] At2.job : C:\Windows\bfsvvc.exe -> DELETED
[TASK][SUSP PATH] At1 : C:\Windows\System32\cmd.exe /c del /F /Q "C:\Users\Kyle\AppData\Local\Temp\ remove.exe" -> DELETED
[TASK][SUSP PATH] At2 : C:\Windows\bfsvvc.exe -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1002FAEX-00Z3A0 +++++
--- User ---
[MBR] 99f06f7412044c0170fc1a8a15f10a32
[BSP] 80063aafe33d648d2e2d20eea960f47f : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: M4-CT128M4SSD2 +++++
--- User ---
[MBR] 793d29b9250a19c12d7a77af4af46b51
[BSP] b97910024113c824dfce84aca86e6a9d : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: General USB Flash Disk USB Device +++++
--- User ---
[MBR] 5129a2bb8ca18d9843955a141bc3ea40
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 1910 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_11042012_02d1049.txt >>
RKreport[1]_S_11042012_02d1049.txt ; RKreport[2]_D_11042012_02d1049.txt
 
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kyle :: KYLE-PC [administrator]

11/4/2012 10:54:08 AM
mbam-log-2012-11-04 (10-54-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202149
Time elapsed: 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\$Recycle.Bin\S-1-5-21-2813369277-930754200-592956274-1000\$RNEGJD1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\Temp1_Image_Line_Vocodex_VST_v1_0_keygen_by_AiR.zip\Image_Line_Vocodex_VST_v1_0_keygen_by_AiR.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Kyle\Downloads\Remove WAT.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.
C:\Users\Kyle\Downloads\Windows Loader.exe (PUP.HackTool.H) -> Quarantined and deleted successfully.

(end)
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-04 10:58:44
-----------------------------
10:58:44.289 OS Version: Windows x64 6.1.7601 Service Pack 1
10:58:44.289 Number of processors: 8 586 0x2A07
10:58:44.290 ComputerName: KYLE-PC UserName: Kyle
10:58:44.426 Initialize success
11:02:44.329 AVAST engine defs: 12110400
11:03:29.562 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"
 
Sorry, here's the log:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-04 10:58:44
-----------------------------
10:58:44.289 OS Version: Windows x64 6.1.7601 Service Pack 1
10:58:44.289 Number of processors: 8 586 0x2A07
10:58:44.290 ComputerName: KYLE-PC UserName: Kyle
10:58:44.426 Initialize success
11:02:44.329 AVAST engine defs: 12110400
11:03:29.562 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-04 10:58:44
-----------------------------
10:58:44.289 OS Version: Windows x64 6.1.7601 Service Pack 1
10:58:44.289 Number of processors: 8 586 0x2A07
10:58:44.290 ComputerName: KYLE-PC UserName: Kyle
10:58:44.426 Initialize success
11:02:44.329 AVAST engine defs: 12110400
11:03:29.562 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"
11:11:30.786 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:11:30.789 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
11:11:30.791 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
11:11:30.794 Disk 1 Vendor: M4-CT128 000F Size: 122104MB BusType: 3
11:11:30.798 Disk 1 MBR read successfully
11:11:30.801 Disk 1 MBR scan
11:11:30.806 Disk 1 Windows 7 default MBR code
11:11:30.809 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:11:30.815 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
11:11:30.824 Disk 1 scanning C:\Windows\system32\drivers
11:11:33.067 Service scanning
11:11:38.432 Modules scanning
11:11:38.770 Disk 1 trace - called modules:
11:11:38.776 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys sptd.sys hal.dll
11:11:38.781 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800fa2f790]
11:11:38.786 3 CLASSPNP.SYS[fffff88001f9f43f] -> nt!IofCallDriver -> [0xfffffa800d214c40]
11:11:38.791 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa800d21b050]
11:11:38.958 AVAST engine scan C:\Windows
11:11:39.343 AVAST engine scan C:\Windows\system32
11:12:33.270 AVAST engine scan C:\Windows\system32\drivers
11:12:35.738 AVAST engine scan C:\Users\Kyle
11:13:21.033 AVAST engine scan C:\ProgramData
11:13:32.347 Scan finished successfully
11:13:42.217 Disk 1 MBR has been saved successfully to "C:\Users\Kyle\Desktop\MBR.dat"
11:13:42.220 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"
 
Good :)

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 12-11-04.01 - Kyle 11/04/2012 11:52:37.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16340.13770 [GMT -8:00]
Running from: c:\users\Kyle\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-04 to 2012-11-04 )))))))))))))))))))))))))))))))
.
.
2012-11-04 18:53 . 2012-11-04 18:53 -------- d-----w- c:\users\Kyle\AppData\Roaming\Malwarebytes
2012-11-04 18:53 . 2012-11-04 18:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-04 18:53 . 2012-11-04 18:53 -------- d-----w- c:\programdata\Malwarebytes
2012-11-04 18:53 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-04 18:04 . 2012-11-04 18:04 -------- d-----w- C:\FRST
2012-11-04 05:29 . 2012-11-04 05:29 -------- d-----w- c:\users\Kyle\AppData\Roaming\Cycling '74
2012-11-03 21:02 . 2012-11-03 21:02 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-11-03 20:22 . 2012-11-03 20:22 -------- d-----w- c:\program files (x86)\Cycling '74
2012-10-27 22:26 . 2012-10-28 22:26 -------- d-----w- c:\windows\AutoKMS
2012-10-24 19:57 . 2012-10-27 22:15 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-10-24 19:57 . 2012-10-24 19:57 -------- d-----w- c:\windows\PCHEALTH
2012-10-24 19:55 . 2012-10-24 19:55 -------- d-----w- c:\program files\Microsoft Office
2012-10-24 19:55 . 2012-10-24 19:55 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-10-24 19:54 . 2012-10-24 19:54 -------- d-----w- c:\users\Kyle\AppData\Local\Microsoft Help
2012-10-24 19:54 . 2012-10-27 22:07 -------- d-----w- c:\programdata\Microsoft Help
2012-10-24 19:54 . 2012-10-24 19:54 -------- d-----r- C:\MSOCache
2012-10-17 23:05 . 2012-11-04 18:57 -------- d-----w- c:\users\Kyle\AppData\Roaming\Spotify
2012-10-17 23:05 . 2012-10-25 03:40 -------- d-----w- c:\users\Kyle\AppData\Local\Spotify
2012-10-12 12:43 . 2012-10-12 12:43 2048 ----a-w- c:\windows\SysWow64\winver.exe
2012-10-12 12:43 . 2012-10-12 12:43 833024 ----a-w- c:\windows\SysWow64\user32.dll
2012-10-12 12:43 . 2012-10-12 12:43 410624 ----a-w- c:\windows\SysWow64\systemcpl.dll
2012-10-12 12:43 . 2012-10-12 12:43 1536 ----a-w- c:\windows\SysWow64\sppcomapi.dll
2012-10-12 12:43 . 2012-10-12 12:43 113543 ----a-w- c:\windows\SysWow64\slmgr.vbs
2012-10-12 12:43 . 2012-10-12 12:43 113543 ----a-w- c:\windows\system32\slmgr.vbs
2012-10-12 11:28 . 2012-09-28 07:18 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-12 11:26 . 2012-10-12 11:26 -------- d-----w- c:\windows\system32\SPReview
2012-10-12 11:25 . 2012-10-12 11:25 -------- d-----w- c:\windows\system32\EventProviders
2012-10-10 01:47 . 2012-10-10 01:49 -------- d-----w- C:\Vstplugins
2012-10-09 05:43 . 2012-10-09 05:43 -------- d-----w- c:\program files\Microsoft Silverlight
2012-10-09 05:43 . 2012-10-09 05:43 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 11:32 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-10-12 11:32 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-10-09 05:28 . 2012-09-03 01:17 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 05:28 . 2012-09-03 01:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-28 03:23 . 2012-09-28 03:23 2892 ----a-w- c:\windows\SysWow64\audcon.sys
2012-09-18 17:38 . 2012-09-18 17:38 406528 ----a-w- c:\windows\SysWow64\ReWire.dll
2012-09-18 17:38 . 2012-09-18 17:38 338432 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
2012-09-07 03:17 . 2012-09-07 03:17 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-07 03:17 . 2012-09-07 03:17 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-07 03:17 . 2012-09-07 03:17 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-07 03:17 . 2012-09-07 03:17 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-07 03:17 . 2012-09-07 03:17 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-07 03:17 . 2012-09-07 03:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-07 03:17 . 2012-09-07 03:17 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-07 03:17 . 2012-09-07 03:17 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-07 03:17 . 2012-09-07 03:17 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-07 03:17 . 2012-09-07 03:17 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-07 03:17 . 2012-09-07 03:17 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-07 03:17 . 2012-09-07 03:17 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-07 03:17 . 2012-09-07 03:17 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-07 03:17 . 2012-09-07 03:17 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-07 03:17 . 2012-09-07 03:17 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-07 03:17 . 2012-09-07 03:17 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-07 03:17 . 2012-09-07 03:17 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-07 03:17 . 2012-09-07 03:17 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-07 03:17 . 2012-09-07 03:17 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-07 03:17 . 2012-09-07 03:17 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-07 03:17 . 2012-09-07 03:17 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-07 03:17 . 2012-09-07 03:17 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-07 03:17 . 2012-09-07 03:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-07 03:17 . 2012-09-07 03:17 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-07 03:17 . 2012-09-07 03:17 448512 ----a-w- c:\windows\system32\html.iec
2012-09-07 03:17 . 2012-09-07 03:17 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-07 03:17 . 2012-09-07 03:17 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-07 03:17 . 2012-09-07 03:17 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-07 03:17 . 2012-09-07 03:17 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-07 03:17 . 2012-09-07 03:17 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-07 03:17 . 2012-09-07 03:17 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-07 03:17 . 2012-09-07 03:17 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-07 03:17 . 2012-09-07 03:17 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-07 03:17 . 2012-09-07 03:17 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-07 03:17 . 2012-09-07 03:17 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-07 03:17 . 2012-09-07 03:17 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-07 03:17 . 2012-09-07 03:17 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-07 03:17 . 2012-09-07 03:17 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-07 03:17 . 2012-09-07 03:17 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-07 03:17 . 2012-09-07 03:17 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-07 03:17 . 2012-09-07 03:17 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-07 03:17 . 2012-09-07 03:17 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-07 03:17 . 2012-09-07 03:17 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-07 03:17 . 2012-09-07 03:17 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-07 03:17 . 2012-09-07 03:17 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-07 03:17 . 2012-09-07 03:17 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-07 03:17 . 2012-09-07 03:17 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-07 03:17 . 2012-09-07 03:17 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-07 03:17 . 2012-09-07 03:17 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-05 08:13 . 2012-09-03 00:46 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-09-03 02:33 . 2012-09-03 02:33 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-09-03 02:33 . 2012-09-03 02:33 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-09-03 02:33 . 2012-09-03 02:33 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-08-28 08:49 . 2012-09-03 01:06 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{700FF8D6-DB97-4D26-A827-D73778E86930}\mpengine.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-11-20 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-10-12 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
"Steam"="a:\program files\Steam\Steam.exe" [2012-09-05 1353080]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Spotify"="c:\users\Kyle\AppData\Roaming\Spotify\Spotify.exe" [2012-10-31 7901144]
"Spotify Web Helper"="c:\users\Kyle\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-31 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.139.290\AsusWSPanel.exe" [2012-03-16 740704]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWDITray.exe" [2010-03-02 313864]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-06 363800]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-05-27 160768]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2011-06-15 48416]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys [2011-09-16 32360]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2011-06-15 48416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-11 1255736]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-26 16152]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2011-08-12 32360]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-02-02 951936]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-02-17 149120]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe [2012-01-13 1478272]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-06 163608]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2011-06-15 32544]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-26 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-26 788760]
S3 MAFWPROFIRE;Service for M-Audio ProFire;c:\windows\system32\DRIVERS\MAudioProFire.sys [2010-03-02 287240]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-03 677480]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 05:28]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03 01:39]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03 01:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-16 07:37 1506656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.139.290\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-16 07:37 1506656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.139.290\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-16 07:37 1506656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.139.290\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-20 6468712]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tt6i0gtg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
FF - ExtSQL: 2012-10-23 18:39; yesscript@userstyles.org; c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tt6i0gtg.default\extensions\yesscript@userstyles.org.xpi
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
BHO-{39677538-3E8F-721E-5669-15225D304BAE} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-11-04 11:57:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-04 19:57
.
Pre-Run: 53,207,220,224 bytes free
Post-Run: 53,978,320,896 bytes free
.
- - End Of File - - 84A17CDE21FDFB68D8BE3BE7870EDF8D
 
Looks good :)

Any current issues?

=========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
No issues to speak of. I had the registry error come up after combofix completed, but after a restart it seems fine. Do I have to continue downloading and running these programs?
 
OTL logfile created on: 11/4/2012 12:40:40 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kyle\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.96 Gb Total Physical Memory | 13.25 Gb Available Physical Memory | 83.06% Memory free
31.91 Gb Paging File | 28.90 Gb Available in Paging File | 90.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 50.15 Gb Free Space | 42.09% Space Free | Partition Type: NTFS
Drive D: | 7.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.83% Space Free | Partition Type: FAT

Computer Name: KYLE-PC | User Name: Kyle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/04 12:36:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Downloads\OTL.exe
PRC - [2012/10/30 20:38:53 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Kyle\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/10/30 20:38:52 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/10/30 11:20:58 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/08 21:28:44 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/09/05 12:42:44 | 001,353,080 | ---- | M] (Valve Corporation) -- A:\Program Files\Steam\Steam.exe
PRC - [2012/04/26 04:33:38 | 003,111,744 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
PRC - [2012/04/26 04:33:16 | 002,743,104 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2012/04/02 16:25:42 | 003,111,552 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
PRC - [2012/03/13 11:34:12 | 002,935,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2012/03/06 15:14:34 | 001,154,176 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe
PRC - [2012/03/06 13:41:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/03/06 13:41:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/03/06 13:40:14 | 000,163,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/26 11:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/16 22:26:00 | 000,149,120 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
PRC - [2012/02/08 02:10:34 | 001,111,680 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
PRC - [2012/02/02 14:20:32 | 000,889,984 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
PRC - [2012/02/02 01:56:35 | 000,951,936 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
PRC - [2012/02/01 15:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/02/01 15:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/01/12 20:44:01 | 001,478,272 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe
PRC - [2012/01/10 08:39:40 | 001,501,824 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
PRC - [2012/01/04 13:13:24 | 001,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2011/10/31 08:57:48 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
PRC - [2011/10/28 17:59:26 | 000,918,448 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
PRC - [2011/09/08 20:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2011/05/27 10:07:36 | 000,160,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
PRC - [2010/03/01 16:16:06 | 000,313,864 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\SysWOW64\MAFWDITray.exe
PRC - [2009/01/26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/30 20:38:52 | 020,317,008 | ---- | M] () -- A:\Program Files\Steam\bin\libcef.dll
MOD - [2012/10/30 20:38:52 | 001,099,616 | ---- | M] () -- A:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/10/30 20:38:52 | 000,902,480 | ---- | M] () -- A:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012/10/30 20:38:52 | 000,190,816 | ---- | M] () -- A:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/10/30 20:38:52 | 000,123,232 | ---- | M] () -- A:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/10/30 11:20:58 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/12 04:57:30 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4cbbd3d2335c2d89b7ee5d035651bd80\IAStorUtil.ni.dll
MOD - [2012/10/12 04:57:30 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\d68502fe60d7ada68627a895282ef58d\IAStorCommon.ni.dll
MOD - [2012/10/12 03:39:36 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2012/10/12 03:39:22 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2012/10/12 03:39:11 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2012/10/12 03:39:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2012/10/12 03:39:05 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2012/10/12 03:39:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2012/10/12 03:39:02 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2012/10/12 03:38:59 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2012/10/08 21:28:44 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/04/12 16:46:28 | 001,124,352 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
MOD - [2012/04/05 10:38:34 | 000,883,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
MOD - [2012/03/21 11:07:44 | 000,972,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
MOD - [2012/03/14 09:12:26 | 000,150,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll
MOD - [2012/03/01 13:20:30 | 001,296,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
MOD - [2012/02/10 10:29:44 | 001,047,040 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
MOD - [2012/02/02 14:12:48 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll
MOD - [2011/12/28 09:13:20 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
MOD - [2011/10/14 19:03:22 | 000,885,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
MOD - [2011/09/26 18:36:24 | 000,869,376 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
MOD - [2011/09/26 17:37:26 | 001,616,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2011/09/19 19:18:20 | 001,243,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
MOD - [2011/09/07 22:23:54 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
MOD - [2011/07/21 08:06:44 | 000,846,848 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
MOD - [2011/07/12 18:14:52 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
MOD - [2010/10/05 07:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
MOD - [2010/10/05 07:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll
MOD - [2010/10/05 07:22:50 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
MOD - [2010/08/22 18:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
MOD - [2009/08/12 19:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/04/05 18:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/02/02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/30 20:38:52 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/30 11:20:58 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/08 21:28:44 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/06 13:41:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/03/06 13:41:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/03/06 13:40:14 | 000,163,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/16 22:26:00 | 000,149,120 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2012/02/02 01:56:35 | 000,951,936 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe -- (asHmComSvc)
SRV - [2012/02/01 15:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/01/12 20:44:01 | 001,478,272 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2011/10/28 17:59:26 | 000,918,448 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc)
SRV - [2011/05/27 10:07:36 | 000,160,768 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/05 00:13:18 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/04/05 21:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 17:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/26 11:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/26 11:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/26 11:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/23 04:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/03 05:01:20 | 000,677,480 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/02/01 15:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/11/03 10:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/11/03 10:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/09/15 23:12:58 | 000,032,360 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan620.sys -- (RTVLANPT)
DRV:64bit: - [2011/08/12 02:13:36 | 000,032,360 | R--- | M] (NT Kernel Resources) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndisrd.sys -- (ndisrd)
DRV:64bit: - [2011/06/15 05:11:20 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2011/06/15 05:11:20 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2011/06/15 05:11:20 | 000,032,544 | R--- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2011/03/24 21:14:12 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/17 09:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2010/03/01 16:15:50 | 000,287,240 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioProFire.sys -- (MAFWPROFIRE)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2813369277-930754200-592956274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3220468
IE - HKU\S-1-5-21-2813369277-930754200-592956274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2813369277-930754200-592956274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 30 07 A9 6E 89 CD 01 [binary data]
IE - HKU\S-1-5-21-2813369277-930754200-592956274-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2813369277-930754200-592956274-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2813369277-930754200-592956274-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
IE - HKU\S-1-5-21-2813369277-930754200-592956274-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2813369277-930754200-592956274-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com/"
FF - prefs.js..extensions.enabledAddons: yesscript@userstyles.org:1.9
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/30 11:20:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/30 11:20:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/09/02 16:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions
[2012/10/23 17:39:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tt6i0gtg.default\extensions
[2012/10/23 17:39:56 | 000,053,072 | ---- | M] () (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tt6i0gtg.default\extensions\yesscript@userstyles.org.xpi
[2012/10/13 18:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/30 11:20:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/24 18:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 18:14:43 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/04 11:55:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {39677538-3E8F-721E-5669-15225D304BAE} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.139.290\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\MAFWDITray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-2813369277-930754200-592956274-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2813369277-930754200-592956274-1000..\Run: [Spotify] C:\Users\Kyle\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2813369277-930754200-592956274-1000..\Run: [Spotify Web Helper] C:\Users\Kyle\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2813369277-930754200-592956274-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-2813369277-930754200-592956274-1000..\Run: [Steam] A:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2813369277-930754200-592956274-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2813369277-930754200-592956274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5188C32D-E869-4BAB-A741-B4B87AE80C5C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/06/23 20:43:35 | 000,000,031 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/04 11:57:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/04 11:55:37 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/11/04 11:52:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/04 11:52:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/04 11:52:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/04 11:51:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/11/04 11:50:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/04 11:49:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/04 10:53:24 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Malwarebytes
[2012/11/04 10:53:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/04 10:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/04 10:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/04 10:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/04 10:48:58 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\RK_Quarantine
[2012/11/04 10:04:07 | 000,000,000 | ---D | C] -- C:\FRST
[2012/11/03 21:29:11 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Cycling '74
[2012/11/03 13:02:39 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/11/03 12:56:35 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\New folder
[2012/11/03 12:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cycling '74
[2012/11/03 12:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cycling '74
[2012/11/03 12:03:29 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\Soundcloud
[2012/10/30 20:38:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/10/27 14:26:25 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2012/10/24 11:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/10/24 11:57:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/10/24 11:57:18 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/10/24 11:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/10/24 11:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/10/24 11:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/10/24 11:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/10/24 11:54:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Microsoft Help
[2012/10/24 11:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/10/24 11:54:41 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/10/17 15:05:16 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Spotify
[2012/10/17 15:05:16 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Spotify
[2012/10/13 18:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/12 03:26:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/10/12 03:25:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/10/09 17:47:47 | 000,000,000 | ---D | C] -- C:\Vstplugins
[2012/10/08 21:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/10/08 21:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/10/08 21:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

========== Files - Modified Within 30 Days ==========

[2012/11/04 12:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/04 12:11:17 | 000,777,976 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/04 12:11:17 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/04 12:11:17 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/04 12:03:03 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/04 12:02:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/04 12:02:56 | 4260,024,318 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/04 11:55:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/04 11:54:56 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/04 11:54:56 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/04 11:44:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/04 11:13:42 | 000,000,512 | ---- | M] () -- C:\Users\Kyle\Desktop\MBR.dat
[2012/11/04 01:17:39 | 000,520,207 | ---- | M] () -- C:\Users\Kyle\Desktop\Minimall.wav.asd
[2012/11/04 01:16:07 | 045,030,156 | ---- | M] () -- C:\Users\Kyle\Desktop\Minimall.wav
[2012/11/03 13:24:39 | 017,174,384 | ---- | M] () -- C:\Users\Kyle\Desktop\Minimall.m4a
[2012/11/03 12:22:24 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Max Runtime 5.1.lnk
[2012/11/03 12:22:24 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Max 5.1.lnk
[2012/11/03 12:10:56 | 000,516,255 | ---- | M] () -- C:\Users\Kyle\Desktop\Minimall.aif.asd
[2012/11/03 12:09:34 | 044,645,294 | ---- | M] () -- C:\Users\Kyle\Desktop\Minimall.aif
[2012/11/02 14:47:10 | 015,949,304 | ---- | M] () -- C:\Users\Kyle\Desktop\Minimall 2.m4a
[2012/11/02 12:10:20 | 015,648,095 | ---- | M] () -- C:\Users\Kyle\Desktop\Minimall 1.m4a
[2012/10/30 20:46:11 | 000,484,499 | ---- | M] () -- C:\Users\Kyle\Desktop\Because harmony breakdown.mp3.asd
[2012/10/30 20:44:40 | 013,723,585 | ---- | M] () -- C:\Users\Kyle\Desktop\Because harmony breakdown.mp3
[2012/10/30 20:38:36 | 000,414,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/30 20:38:30 | 846,126,122 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/29 22:16:08 | 000,325,595 | ---- | M] () -- C:\Users\Kyle\Desktop\11 I Live With You.mp3.asd
[2012/10/27 14:16:40 | 000,771,962 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/27 14:07:46 | 000,003,021 | ---- | M] () -- C:\Users\Kyle\Desktop\Microsoft Word 2010.lnk
[2012/10/24 01:44:56 | 044,761,957 | ---- | M] () -- C:\Users\Kyle\Desktop\Dan Deacon by Kyle.m4a
[2012/10/24 01:44:13 | 000,360,523 | ---- | M] () -- C:\Users\Kyle\Desktop\Dan Deacon by Kyle.wav.asd
[2012/10/24 01:43:28 | 052,822,944 | ---- | M] () -- C:\Users\Kyle\Desktop\Dan Deacon by Kyle.wav
[2012/10/23 12:50:08 | 000,580,051 | ---- | M] () -- C:\Users\Kyle\Desktop\Elena - Juana Molina.mp3.asd
[2012/10/23 12:49:06 | 004,603,720 | ---- | M] () -- C:\Users\Kyle\Desktop\Elena - Juana Molina.mp3
[2012/10/23 00:02:19 | 000,599,263 | ---- | M] () -- C:\Users\Kyle\Desktop\Elena 1.m4a.asd
[2012/10/17 15:05:16 | 000,001,799 | ---- | M] () -- C:\Users\Kyle\Desktop\Spotify.lnk
[2012/10/12 10:15:50 | 020,865,884 | ---- | M] () -- C:\Users\Kyle\Desktop\Tittays.m4a
[2012/10/12 10:15:32 | 000,346,271 | ---- | M] () -- C:\Users\Kyle\Desktop\A cure.aif.asd
[2012/10/12 10:14:03 | 030,044,958 | ---- | M] () -- C:\Users\Kyle\Desktop\A cure.aif
[2012/10/12 10:10:29 | 038,159,697 | ---- | M] () -- C:\Users\Kyle\Desktop\A cure.m4a
[2012/10/12 04:43:04 | 000,002,048 | ---- | M] () -- C:\Windows\SysWow64\winver.exe
[2012/10/12 04:43:01 | 000,113,543 | ---- | M] () -- C:\Windows\SysWow64\slmgr.vbs
[2012/10/12 04:43:01 | 000,113,543 | ---- | M] () -- C:\Windows\SysNative\slmgr.vbs
[2012/10/11 23:19:31 | 000,029,675 | ---- | M] () -- C:\Users\Kyle\Desktop\Avey.wav.asd
[2012/10/11 23:19:30 | 002,279,676 | ---- | M] () -- C:\Users\Kyle\Desktop\Avey.wav
[2012/10/10 00:11:43 | 000,373,279 | ---- | M] () -- C:\Users\Kyle\Desktop\08. A Cure.mp3.asd
[2012/10/09 02:05:55 | 000,055,175 | ---- | M] () -- C:\Users\Kyle\Desktop\01 Alan Lomax Speaking To Charles Ku.m4a.asd
[2012/10/09 01:56:25 | 000,513,415 | ---- | M] () -- C:\Users\Kyle\Desktop\01 Te Deum - Te Deum Laudamus.m4a.asd

========== Files Created - No Company Name ==========

[2012/11/04 11:52:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/04 11:52:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/04 11:52:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/04 11:52:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/04 11:52:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/04 11:13:42 | 000,000,512 | ---- | C] () -- C:\Users\Kyle\Desktop\MBR.dat
[2012/11/04 01:17:39 | 000,520,207 | ---- | C] () -- C:\Users\Kyle\Desktop\Minimall.wav.asd
[2012/11/03 15:47:22 | 045,030,156 | ---- | C] () -- C:\Users\Kyle\Desktop\Minimall.wav
[2012/11/03 12:22:24 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Max Runtime 5.1.lnk
[2012/11/03 12:22:24 | 000,001,977 | ---- | C] () -- C:\Users\Public\Desktop\Max 5.1.lnk
[2012/11/03 12:10:56 | 000,516,255 | ---- | C] () -- C:\Users\Kyle\Desktop\Minimall.aif.asd
[2012/11/03 12:09:34 | 044,645,294 | ---- | C] () -- C:\Users\Kyle\Desktop\Minimall.aif
[2012/11/02 14:47:15 | 015,949,304 | ---- | C] () -- C:\Users\Kyle\Desktop\Minimall 2.m4a
[2012/11/02 12:10:24 | 015,648,095 | ---- | C] () -- C:\Users\Kyle\Desktop\Minimall 1.m4a
[2012/11/02 10:34:45 | 017,174,384 | ---- | C] () -- C:\Users\Kyle\Desktop\Minimall.m4a
[2012/10/30 20:46:11 | 000,484,499 | ---- | C] () -- C:\Users\Kyle\Desktop\Because harmony breakdown.mp3.asd
[2012/10/30 20:42:16 | 013,723,585 | ---- | C] () -- C:\Users\Kyle\Desktop\Because harmony breakdown.mp3
[2012/10/30 20:38:30 | 846,126,122 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/10/29 22:16:08 | 000,325,595 | ---- | C] () -- C:\Users\Kyle\Desktop\11 I Live With You.mp3.asd
[2012/10/29 22:15:43 | 011,904,657 | ---- | C] () -- C:\Users\Kyle\Desktop\11 I Live With You.mp3
[2012/10/27 14:16:39 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/24 11:57:32 | 000,003,021 | ---- | C] () -- C:\Users\Kyle\Desktop\Microsoft Word 2010.lnk
[2012/10/24 01:48:56 | 044,761,957 | ---- | C] () -- C:\Users\Kyle\Desktop\Dan Deacon by Kyle.m4a
[2012/10/24 01:44:13 | 000,360,523 | ---- | C] () -- C:\Users\Kyle\Desktop\Dan Deacon by Kyle.wav.asd
[2012/10/24 01:43:08 | 052,822,944 | ---- | C] () -- C:\Users\Kyle\Desktop\Dan Deacon by Kyle.wav
[2012/10/23 12:50:08 | 000,580,051 | ---- | C] () -- C:\Users\Kyle\Desktop\Elena - Juana Molina.mp3.asd
[2012/10/23 12:48:44 | 004,603,720 | ---- | C] () -- C:\Users\Kyle\Desktop\Elena - Juana Molina.mp3
[2012/10/23 00:02:19 | 000,599,263 | ---- | C] () -- C:\Users\Kyle\Desktop\Elena 1.m4a.asd
[2012/10/23 00:01:55 | 018,733,595 | ---- | C] () -- C:\Users\Kyle\Desktop\Elena 1.m4a
[2012/10/17 15:05:16 | 000,001,799 | ---- | C] () -- C:\Users\Kyle\Desktop\Spotify.lnk
[2012/10/17 15:05:16 | 000,001,785 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/10/12 10:15:56 | 020,865,884 | ---- | C] () -- C:\Users\Kyle\Desktop\Tittays.m4a
[2012/10/12 10:15:32 | 000,346,271 | ---- | C] () -- C:\Users\Kyle\Desktop\A cure.aif.asd
[2012/10/12 10:10:35 | 038,159,697 | ---- | C] () -- C:\Users\Kyle\Desktop\A cure.m4a
[2012/10/12 10:07:18 | 030,044,958 | ---- | C] () -- C:\Users\Kyle\Desktop\A cure.aif
[2012/10/12 04:43:01 | 000,113,543 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs
[2012/10/12 04:43:01 | 000,113,543 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs
[2012/10/12 04:43:01 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe
[2012/10/11 23:19:30 | 002,279,676 | ---- | C] () -- C:\Users\Kyle\Desktop\Avey.wav
[2012/10/11 23:19:30 | 000,029,675 | ---- | C] () -- C:\Users\Kyle\Desktop\Avey.wav.asd
[2012/10/10 00:11:43 | 000,373,279 | ---- | C] () -- C:\Users\Kyle\Desktop\08. A Cure.mp3.asd
[2012/10/10 00:11:20 | 013,040,710 | ---- | C] () -- C:\Users\Kyle\Desktop\08. A Cure.mp3
[2012/10/09 02:05:55 | 000,055,175 | ---- | C] () -- C:\Users\Kyle\Desktop\01 Alan Lomax Speaking To Charles Ku.m4a.asd
[2012/10/09 02:05:38 | 001,406,274 | ---- | C] () -- C:\Users\Kyle\Desktop\01 Alan Lomax Speaking To Charles Ku.m4a
[2012/10/09 01:56:25 | 000,513,415 | ---- | C] () -- C:\Users\Kyle\Desktop\01 Te Deum - Te Deum Laudamus.m4a.asd
[2012/10/09 01:55:40 | 012,809,297 | ---- | C] () -- C:\Users\Kyle\Desktop\01 Te Deum - Te Deum Laudamus.m4a
[2012/09/27 19:23:18 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2012/09/27 19:23:16 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2012/09/27 19:23:16 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2012/09/24 14:39:13 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\FxGoWinFu.dll
[2012/09/02 18:45:02 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys
[2012/09/02 16:44:39 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/09/02 16:44:38 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/09/02 16:43:05 | 000,054,665 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/09/02 16:37:09 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/09/02 16:37:05 | 000,038,744 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/09/02 16:31:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/09/02 16:29:53 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/09/02 16:29:53 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/09/02 16:29:53 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/03/09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011/09/04 23:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2011/03/24 21:15:30 | 000,021,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\iLokDrvr.sys

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/05 12:05:28 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\2K Sports
[2012/09/02 17:58:46 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Ableton
[2012/09/27 19:29:35 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Arturia
[2012/09/02 16:43:53 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\ASUS WebStorage
[2012/11/03 21:29:11 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Cycling '74
[2012/09/05 10:01:55 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\DAEMON Tools Pro
[2012/09/19 12:56:17 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\MediaMonkey
[2012/09/05 16:15:30 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\MusicBrainz
[2012/09/02 17:27:44 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Nico Mak Computing
[2012/09/20 13:42:59 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Propellerhead Software
[2012/11/04 12:03:24 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Spotify
[2012/11/03 19:51:17 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\uTorrent
[2012/09/05 12:52:44 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Waves Audio

========== Purity Check ==========



< End of report >
 
Reinstall AVG as soon as possible.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O2 - BHO: (no name) - {39677538-3E8F-721E-5669-15225D304BAE} - No CLSID value found.
[2012/11/04 10:04:07 | 000,000,000 | ---D | C] -- C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

=============================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39677538-3E8F-721E-5669-15225D304BAE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39677538-3E8F-721E-5669-15225D304BAE}\ not found.
C:\FRST\Quarantine\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\U folder moved successfully.
C:\FRST\Quarantine\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\L folder moved successfully.
C:\FRST\Quarantine\{0aaae9d4-1845-58c1-a35b-3b645d409b85} folder moved successfully.
Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kyle
->Temp folder emptied: 215582 bytes
->Temporary Internet Files folder emptied: 25554084 bytes
->FireFox cache emptied: 928619107 bytes
->Flash cache emptied: 35518 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 148 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46403118 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 954.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Kyle

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Kyle
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11042012_131003

Files\Folders moved on Reboot...
File\Folder C:\FRST\Quarantine not found!
C:\Users\Kyle\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Adobe Flash Player 11.4.402.287
Mozilla Firefox (16.0.2)
Google Chrome 11.0.696.77
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 04-11-2012
Ran by Kyle (administrator) on 04-11-2012 at 13:17:21
Running from "C:\Users\Kyle\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
You must log in or register to reply here.

Similar threads

Cal Jeffrey
Hackers used Ars Technica and Vimeo to deliver malware using obfuscated binary instructions...
Replies
0
Views
134
Cal Jeffrey
Cal Jeffrey
midian182
Congress refuses Army request to spend $400 million on Microsoft HoloLens-based headsets
Replies
12
Views
858
toooooot
T
I
Solved Possible infection?
2
Replies
38
Views
7K
Broni
Broni

Latest posts

Back