Solved Gethotresults.com hijacker....and possibly other issues

[andrew ellis]

Just like to start with a thanks ahead of time.

My Norton AV is also not able to be opened even though it is running in the processes...

Requested Logs:

Malware Bytes: I had already downloaded and used this before coming here. I will post 2 logs the first being the initial scan and the second log will have the results of what keeps coming up with every scan after the initial.

Log 1:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.21.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
andrew :: ANDREW-PC [administrator]

9/21/2012 11:26:13 AM
mbam-log-2012-09-21 (11-26-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216958
Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2996 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{625F420E-A4A9-4B40-BC23-716C1C43893A} (Adware.Adurr) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\andrew\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\andrew\Downloads\RJParser.exe (Trojan.Agent.VGENX) -> Quarantined and deleted successfully.
C:\Users\andrew\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\andrew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

Log 2:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.21.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
andrew :: ANDREW-PC [administrator]

9/21/2012 11:48:32 AM
mbam-log-2012-09-21 (11-59-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218240
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 5612 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)



GMER: No log created

DDS Txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by andrew at 12:24:47 on 2012-09-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.5537 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\system32\dlcccoms.exe
C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMAZON~1.LNK - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\BfLLR.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{8F2DAEC8-978E-44C1-9489-A0F6F82A5F94} : DhcpNameServer = 192.168.2.1 192.168.2.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Guard BHO - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\piwh3j3b.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\andrew\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\andrew\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\andrew\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-8-7 8704]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [?]
R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]
R0 TFSysMon;TFSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120905.001\BHDrvx64.sys [2012-8-31 1385120]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120919.001\IDSviA64.sys [2012-9-19 513184]
R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-14 136616]
R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-12-22 490496]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-9-14 575448]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 Dyyno Launcher;Dyyno Service;C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2012-4-12 417408]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccsvchst.exe [2012-8-23 138272]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-8-21 1019328]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-6-21 92632]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;C:\Windows\system32\DRIVERS\Edge7x64.sys --> C:\Windows\system32\DRIVERS\Edge7x64.sys [?]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\system32\DRIVERS\Xeno7x64.sys --> C:\Windows\system32\DRIVERS\Xeno7x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-11 138912]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-9-20 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2011-6-3 272864]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]
S3 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?]
S3 rzjoystk;Razer VJoystick;C:\Windows\system32\DRIVERS\rzjoystk.sys --> C:\Windows\system32\DRIVERS\rzjoystk.sys [?]
S3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-9-14 402368]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2012-9-14 1118680]
S3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]
S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-09-21 18:48:12 20480 ------w- C:\Windows\svchost.exe
2012-09-21 18:25:36 -------- d-----w- C:\Users\andrew\AppData\Roaming\Malwarebytes
2012-09-21 18:25:28 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-21 18:25:28 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-21 17:41:20 -------- d-----w- C:\$RECYCLE.BIN
2012-09-21 17:28:42 98816 ----a-w- C:\Windows\sed.exe
2012-09-21 17:28:42 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-21 17:28:42 256000 ----a-w- C:\Windows\PEV.exe
2012-09-21 17:28:42 208896 ----a-w- C:\Windows\MBR.exe
2012-09-21 17:28:37 -------- d-----w- C:\ComboFix
2012-09-21 08:53:39 110080 ----a-r- C:\Users\andrew\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe
2012-09-21 08:53:39 110080 ----a-r- C:\Users\andrew\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe
2012-09-21 08:53:39 110080 ----a-r- C:\Users\andrew\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\Icon1226A4C5.exe
2012-09-21 08:53:38 -------- d-----w- C:\sh4ldr
2012-09-21 08:53:38 -------- d-----w- C:\Program Files\Enigma Software Group
2012-09-21 08:52:24 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-20 17:39:32 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-09-20 17:39:32 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-09-20 04:13:44 -------- d-----w- C:\Users\andrew\AppData\Local\{DDEC9E07-FCEE-4EFA-99B6-56060B198DF6}
2012-09-20 04:13:30 -------- d-----w- C:\Users\andrew\AppData\Roaming\Windows Live Writer
2012-09-20 04:13:30 -------- d-----w- C:\Users\andrew\AppData\Local\Windows Live Writer
2012-09-20 04:09:54 -------- d-----w- C:\Users\andrew\AppData\Roaming\Wise Registry Cleaner
2012-09-20 04:09:29 -------- d-----w- C:\Program Files (x86)\Wise
2012-09-17 22:32:51 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-17 22:32:06 -------- d-----w- C:\Program Files\iPod
2012-09-17 22:32:05 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-17 22:32:05 -------- d-----w- C:\Program Files\iTunes
2012-09-17 22:32:05 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-17 03:16:23 -------- d-----w- C:\Program Files (x86)\GUM1BA6.tmp
2012-09-14 22:59:34 706776 --s---w- C:\Windows\System32\drivers\TfSysMon.sys
2012-09-14 22:59:34 65664 --s---w- C:\Windows\System32\drivers\TfFsMon.sys
2012-09-14 22:59:34 41968 --s---w- C:\Windows\System32\drivers\TfNetMon.sys
2012-09-14 22:43:54 85224 ----a-w- C:\Windows\System32\drivers\PCTBD64.sys
2012-09-14 22:43:54 767960 ----a-w- C:\Windows\BDTSupport.dll
2012-09-14 22:43:53 2267096 ----a-w- C:\Windows\PCTBDCore.dll
2012-09-14 22:43:53 1689560 ----a-w- C:\Windows\PCTBDRes.dll
2012-09-14 22:43:53 149464 ----a-w- C:\Windows\SGDetectionTool.dll
2012-09-14 22:43:08 341200 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-09-14 22:43:08 145464 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-09-14 22:43:04 14808 ----a-w- C:\Windows\System32\drivers\pctBTFix64.sys
2012-09-14 22:43:02 92928 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-09-14 22:41:07 453896 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-09-14 22:41:07 1096176 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-09-14 22:41:05 426616 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-09-14 22:41:03 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-09-14 22:41:03 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-09-14 22:41:03 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-09-14 22:40:51 -------- d-----w- C:\ProgramData\PC Tools
2012-09-14 22:40:50 -------- d-----w- C:\Users\andrew\AppData\Roaming\TestApp
2012-09-12 02:55:47 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 02:55:47 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 02:55:45 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 02:55:45 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 02:55:43 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 02:55:43 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 02:55:43 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 02:55:26 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1B548B39-A207-495F-ABCA-F25B76D4896F}\mpengine.dll
2012-09-04 21:35:50 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs
2012-09-01 07:39:23 -------- d-----w- C:\ProgramData\Amazon
2012-09-01 07:38:27 -------- d-----w- C:\Windows\Downloaded Installations
2012-09-01 07:13:00 -------- d-----w- C:\Program Files (x86)\SMPlayer
2012-08-23 19:23:26 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symnets.sys
2012-08-23 19:23:26 1129120 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\symefa64.sys
2012-08-23 19:23:25 737952 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\srtsp64.sys
2012-08-23 19:23:25 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symds64.sys
2012-08-23 19:23:25 37536 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\srtspx64.sys
2012-08-23 19:23:25 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\ironx64.sys
2012-08-23 19:23:25 167072 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\ccsetx64.sys
2012-08-23 19:23:16 -------- d-----w- C:\Windows\System32\drivers\N360x64\0603000.00E
.
==================== Find3M ====================
.
2012-08-27 16:53:56 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-27 16:53:56 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-21 20:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 20:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-11 18:44:54 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-22 11:06:32 68272 ----a-w- C:\Program Files (x86)\fraps64.dat
2011-10-22 11:06:32 231600 ----a-w- C:\Program Files (x86)\fraps32.dll
2011-10-22 11:06:32 185520 ----a-w- C:\Program Files (x86)\fraps64.dll
2011-10-22 11:06:30 2533040 ----a-w- C:\Program Files (x86)\fraps.exe
2011-10-22 11:04:34 140288 ----a-w- C:\Program Files (x86)\frapslcd.dll
.
============= FINISH: 12:25:30.21 ===============

DDS Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/13/2011 5:03:26 PM
System Uptime: 9/21/2012 11:46:28 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A87TD EVO
Processor: AMD Phenom(tm) II X4 840 Processor | AM3 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 432.185 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP214: 9/11/2012 7:54:35 PM - Windows Update
RP215: 9/11/2012 11:35:33 PM - Windows Update
RP216: 9/20/2012 10:47:02 AM - Installed DirectX
RP217: 9/20/2012 10:49:15 AM - Installed DirectX
RP218: 9/21/2012 1:52:30 AM - Installed SpyHunter
RP219: 9/21/2012 10:03:49 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Advanced Combat Tracker (remove only)
Amazon Kindle
Amazon Unbox Video
AMD OverDrive Beta
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
Bigfoot Networks Killer Network Manager
Browser Guard 4.0
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Curse Client
D3DX10
Dell Driver Download Manager
Diablo II
Diablo III
Dyyno Broadcaster
Evernote v. 4.5.6
Geeks3D.com FurMark 1.9.1
Google Talk Plugin
Hi-Rez Studios Authenticate and Update Service
HydraVision
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
League of Legends
Magic: The Gathering - Duels of the Planeswalkers 2013
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Messenger Companion
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSI Afterburner 2.1.0
MSVCRT
MSVCRT_amd64
Mumble 1.2.3
MurGee Auto Mouse Click 1.0
NEC Electronics USB 3.0 Host Controller Driver
Need For Speed™ World
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
Norton Security Suite
NVIDIA PhysX
Origin
Pando Media Booster
PC Tools Spyware Doctor 9.0
QuickTime
RaidCall
RIFT
Sapphire TRIXX
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 5.10
SMPlayer 0.6.9
Spybot - Search & Destroy
Star Wars: The Old Republic
StarCraft II
Steam
StreamTorrent 1.0
TERA
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Torchlight
Torchlight II
Tribes: Ascend
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vista Services Optimizer
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wise Registry Cleaner 7.45
World of Warcraft
XSplit
.
==== Event Viewer Messages From Past Week ========
.
9/21/2012 12:02:10 PM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).
9/21/2012 11:47:28 AM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
9/21/2012 11:47:21 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
9/21/2012 11:23:11 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 11:23:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/21/2012 11:22:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/21/2012 11:22:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 PCTSD spldr SRTSP SRTSPX SymIRON SymNetS TfFsMon TFSysMon Wanarpv6
9/21/2012 10:38:52 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/21/2012 10:38:19 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/21/2012 10:28:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
9/21/2012 10:10:25 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
9/21/2012 10:08:05 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/21/2012 10:08:05 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The pipe has been ended.
9/21/2012 10:08:05 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
9/20/2012 12:15:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/20/2012 10:27:42 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Amazon Unbox Video Service service to connect.
9/20/2012 10:23:04 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/19/2012 10:13:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/19/2012 10:13:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy pctgntdi PCTSD Psched rdbss spldr SRTSP SRTSPX SymIRON SymNetS Tcpip tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
9/19/2012 10:13:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/19/2012 10:13:16 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2012 10:13:16 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2012 10:13:16 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/19/2012 10:13:16 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/19/2012 10:13:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2012 10:13:16 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2012 10:13:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2012 10:13:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2012 10:13:16 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2012 10:13:16 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/17/2012 3:30:15 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
9/17/2012 3:29:15 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/17/2012 3:28:45 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/14/2012 3:59:34 PM, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/14/2012 3:25:00 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

Hopefully all this is correct. And again thanks for the help.

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[andrew ellis]

Here you go:

19:06:07.0065 12648 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:06:07.0714 12648 ============================================================
19:06:07.0714 12648 Current date / time: 2012/09/21 19:06:07.0714
19:06:07.0714 12648 SystemInfo:
19:06:07.0714 12648
19:06:07.0714 12648 OS Version: 6.1.7601 ServicePack: 1.0
19:06:07.0714 12648 Product type: Workstation
19:06:07.0714 12648 ComputerName: ANDREW-PC
19:06:07.0714 12648 UserName: andrew
19:06:07.0714 12648 Windows directory: C:\Windows
19:06:07.0715 12648 System windows directory: C:\Windows
19:06:07.0715 12648 Running under WOW64
19:06:07.0715 12648 Processor architecture: Intel x64
19:06:07.0715 12648 Number of processors: 4
19:06:07.0715 12648 Page size: 0x1000
19:06:07.0715 12648 Boot type: Normal boot
19:06:07.0715 12648 ============================================================
19:06:08.0974 12648 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:06:08.0982 12648 ============================================================
19:06:08.0982 12648 \Device\Harddisk0\DR0:
19:06:08.0983 12648 MBR partitions:
19:06:08.0983 12648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:06:08.0983 12648 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
19:06:08.0983 12648 ============================================================
19:06:09.0018 12648 C: <-> \Device\Harddisk0\DR0\Partition2
19:06:09.0018 12648 ============================================================
19:06:09.0018 12648 Initialize success
19:06:09.0018 12648 ============================================================
19:15:55.0302 6716 ============================================================
19:15:55.0302 6716 Scan started
19:15:55.0302 6716 Mode: Manual;
19:15:55.0302 6716 ============================================================
19:15:58.0758 6716 ================ Scan system memory ========================
19:15:58.0758 6716 System memory - ok
19:15:58.0758 6716 ================ Scan services =============================
19:15:58.0958 6716 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
19:15:58.0960 6716 1394ohci - ok
19:15:58.0972 6716 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:15:58.0975 6716 ACPI - ok
19:15:58.0989 6716 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:15:58.0990 6716 AcpiPmi - ok
19:15:59.0114 6716 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:15:59.0115 6716 AdobeARMservice - ok
19:15:59.0155 6716 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:15:59.0160 6716 adp94xx - ok
19:15:59.0211 6716 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:15:59.0214 6716 adpahci - ok
19:15:59.0225 6716 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:15:59.0227 6716 adpu320 - ok
19:15:59.0297 6716 [ 96A0FF09E226B023DC6ACA253AACEE2E ] ADVService C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
19:15:59.0298 6716 ADVService - ok
19:15:59.0321 6716 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:15:59.0323 6716 AeLookupSvc - ok
19:15:59.0375 6716 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:15:59.0380 6716 AFD - ok
19:15:59.0447 6716 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:15:59.0449 6716 agp440 - ok
19:15:59.0463 6716 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:15:59.0465 6716 ALG - ok
19:15:59.0500 6716 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:15:59.0501 6716 aliide - ok
19:15:59.0585 6716 ALSysIO - ok
19:15:59.0636 6716 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:15:59.0638 6716 AMD External Events Utility - ok
19:15:59.0717 6716 AMD FUEL Service - ok
19:15:59.0740 6716 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:15:59.0741 6716 amdide - ok
19:15:59.0782 6716 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
19:15:59.0784 6716 amdiox64 - ok
19:15:59.0816 6716 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:15:59.0817 6716 AmdK8 - ok
19:16:00.0001 6716 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:16:00.0095 6716 amdkmdag - ok
19:16:00.0137 6716 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:16:00.0141 6716 amdkmdap - ok
19:16:00.0177 6716 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:16:00.0178 6716 AmdPPM - ok
19:16:00.0218 6716 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:16:00.0269 6716 amdsata - ok
19:16:00.0307 6716 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:16:00.0320 6716 amdsbs - ok
19:16:00.0364 6716 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:16:00.0393 6716 amdxata - ok
19:16:00.0526 6716 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.01 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:16:00.0527 6716 AODDriver4.01 - ok
19:16:00.0541 6716 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:16:00.0542 6716 AODDriver4.1 - ok
19:16:00.0586 6716 [ 419DFC4FCF642A3D8D9794C15FCA92FD ] AODService C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
19:16:00.0587 6716 AODService - ok
19:16:00.0637 6716 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:16:00.0638 6716 AppID - ok
19:16:00.0651 6716 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:16:00.0653 6716 AppIDSvc - ok
19:16:00.0665 6716 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:16:00.0667 6716 Appinfo - ok
19:16:00.0720 6716 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:16:00.0721 6716 Apple Mobile Device - ok
19:16:00.0771 6716 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
19:16:00.0773 6716 arc - ok
19:16:00.0785 6716 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:16:00.0787 6716 arcsas - ok
19:16:00.0791 6716 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:16:00.0792 6716 AsyncMac - ok
19:16:00.0808 6716 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:16:00.0808 6716 atapi - ok
19:16:00.0877 6716 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:16:00.0879 6716 AtiHDAudioService - ok
19:16:00.0897 6716 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:16:00.0903 6716 AudioEndpointBuilder - ok
19:16:00.0912 6716 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:16:00.0915 6716 AudioSrv - ok
19:16:00.0959 6716 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:16:00.0961 6716 AxInstSV - ok
19:16:01.0006 6716 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
19:16:01.0011 6716 b06bdrv - ok
19:16:01.0054 6716 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:16:01.0058 6716 b57nd60a - ok
19:16:01.0117 6716 [ E49110A58A32E9450356686A95DD7763 ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
19:16:01.0125 6716 BCMH43XX - ok
19:16:01.0148 6716 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:16:01.0159 6716 BDESVC - ok
19:16:01.0191 6716 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:16:01.0192 6716 Beep - ok
19:16:01.0251 6716 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:16:01.0257 6716 BFE - ok
19:16:01.0299 6716 [ 07132255ADCB05CD7078B6C7B7215058 ] BfEdge7x64 C:\Windows\system32\DRIVERS\Edge7x64.sys
19:16:01.0300 6716 BfEdge7x64 - ok
19:16:01.0346 6716 [ 33B114FC0394358DB521828B6F6ACC54 ] BFN7x64 C:\Windows\system32\DRIVERS\Xeno7x64.sys
19:16:01.0348 6716 BFN7x64 - ok
19:16:01.0553 6716 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120905.001\BHDrvx64.sys
19:16:01.0566 6716 BHDrvx64 - ok
19:16:01.0677 6716 [ 3AA3791DE4E7AEDA470649B8E9543C5A ] Bigfoot Networks Killer Service C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
19:16:01.0679 6716 Bigfoot Networks Killer Service - ok
19:16:01.0706 6716 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
19:16:01.0716 6716 BITS - ok
19:16:01.0757 6716 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:16:01.0758 6716 blbdrive - ok
19:16:01.0834 6716 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:16:01.0836 6716 Bonjour Service - ok
19:16:01.0887 6716 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:16:01.0889 6716 bowser - ok
19:16:01.0903 6716 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
19:16:01.0904 6716 BrFiltLo - ok
19:16:01.0919 6716 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
19:16:01.0920 6716 BrFiltUp - ok
19:16:01.0963 6716 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:16:01.0965 6716 BridgeMP - ok
19:16:01.0989 6716 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:16:01.0991 6716 Browser - ok
19:16:02.0115 6716 [ 7EFFCCD7B6EA4D3428F5B3ACE8DE8F5A ] Browser Defender Update Service C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
19:16:02.0118 6716 Browser Defender Update Service - ok
19:16:02.0141 6716 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:16:02.0144 6716 Brserid - ok
19:16:02.0166 6716 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:16:02.0168 6716 BrSerWdm - ok
19:16:02.0181 6716 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:16:02.0182 6716 BrUsbMdm - ok
19:16:02.0191 6716 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:16:02.0193 6716 BrUsbSer - ok
19:16:02.0209 6716 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:16:02.0211 6716 BTHMODEM - ok
19:16:02.0233 6716 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:16:02.0235 6716 bthserv - ok
19:16:02.0368 6716 catchme - ok
19:16:02.0446 6716 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys
19:16:02.0449 6716 ccSet_N360 - ok
19:16:02.0470 6716 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:16:02.0471 6716 cdfs - ok
19:16:02.0528 6716 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:16:02.0530 6716 cdrom - ok
19:16:02.0566 6716 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:16:02.0567 6716 CertPropSvc - ok
19:16:02.0600 6716 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
19:16:02.0601 6716 circlass - ok
19:16:02.0618 6716 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:16:02.0622 6716 CLFS - ok
19:16:02.0669 6716 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:16:02.0671 6716 clr_optimization_v2.0.50727_32 - ok
19:16:02.0710 6716 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:16:02.0711 6716 clr_optimization_v2.0.50727_64 - ok
19:16:02.0783 6716 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:16:02.0785 6716 clr_optimization_v4.0.30319_32 - ok
19:16:02.0843 6716 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:16:02.0845 6716 clr_optimization_v4.0.30319_64 - ok
19:16:02.0876 6716 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
19:16:02.0877 6716 CmBatt - ok
19:16:02.0886 6716 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:16:02.0887 6716 cmdide - ok
19:16:02.0920 6716 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:16:02.0925 6716 CNG - ok
19:16:02.0929 6716 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
19:16:02.0930 6716 Compbatt - ok
19:16:02.0958 6716 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
19:16:02.0960 6716 CompositeBus - ok
19:16:02.0978 6716 COMSysApp - ok
19:16:03.0024 6716 cpuz134 - ok
19:16:03.0051 6716 [ C08063F052308B6F5882482615387F30 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
19:16:03.0053 6716 cpuz135 - ok
19:16:03.0072 6716 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:16:03.0073 6716 crcdisk - ok
19:16:03.0124 6716 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:16:03.0126 6716 CryptSvc - ok
19:16:03.0149 6716 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:16:03.0155 6716 DcomLaunch - ok
19:16:03.0182 6716 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:16:03.0196 6716 defragsvc - ok
19:16:03.0220 6716 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:16:03.0222 6716 DfsC - ok
19:16:03.0262 6716 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:16:03.0265 6716 Dhcp - ok
19:16:03.0281 6716 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:16:03.0282 6716 discache - ok
19:16:03.0317 6716 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
19:16:03.0319 6716 Disk - ok
19:16:03.0332 6716 dlcc_device - ok
19:16:03.0368 6716 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:16:03.0370 6716 Dnscache - ok
19:16:03.0393 6716 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:16:03.0397 6716 dot3svc - ok
19:16:03.0408 6716 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:16:03.0410 6716 DPS - ok
19:16:03.0454 6716 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:16:03.0455 6716 drmkaud - ok
19:16:03.0488 6716 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:16:03.0497 6716 DXGKrnl - ok
19:16:03.0551 6716 [ 465400278B82F85E590D09AE4F57AD61 ] Dyyno Launcher C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
19:16:03.0554 6716 Dyyno Launcher - ok
19:16:03.0564 6716 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:16:03.0566 6716 EapHost - ok
19:16:03.0629 6716 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
19:16:03.0658 6716 ebdrv - ok
19:16:03.0708 6716 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:16:03.0713 6716 eeCtrl - ok
19:16:03.0745 6716 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:16:03.0746 6716 EFS - ok
19:16:03.0809 6716 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:16:03.0815 6716 ehRecvr - ok
19:16:03.0864 6716 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:16:03.0867 6716 ehSched - ok
19:16:03.0891 6716 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:16:03.0897 6716 elxstor - ok
19:16:03.0943 6716 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:16:03.0945 6716 EraserUtilRebootDrv - ok
19:16:03.0953 6716 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:16:03.0954 6716 ErrDev - ok
19:16:04.0018 6716 [ DF96C3CD6AE15F6D0A6BCB70F9C1E88D ] esgiguard C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
19:16:04.0019 6716 esgiguard - ok
19:16:04.0041 6716 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:16:04.0045 6716 EventSystem - ok
19:16:04.0060 6716 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:16:04.0062 6716 exfat - ok
19:16:04.0083 6716 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:16:04.0086 6716 fastfat - ok
19:16:04.0126 6716 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:16:04.0134 6716 Fax - ok
19:16:04.0148 6716 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
19:16:04.0150 6716 fdc - ok
19:16:04.0193 6716 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:16:04.0194 6716 fdPHost - ok
19:16:04.0206 6716 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:16:04.0207 6716 FDResPub - ok
19:16:04.0216 6716 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:16:04.0218 6716 FileInfo - ok
19:16:04.0231 6716 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:16:04.0232 6716 Filetrace - ok
19:16:04.0247 6716 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:16:04.0249 6716 flpydisk - ok
19:16:04.0282 6716 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:16:04.0285 6716 FltMgr - ok
19:16:04.0339 6716 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:16:04.0350 6716 FontCache - ok
19:16:04.0376 6716 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:16:04.0377 6716 FontCache3.0.0.0 - ok
19:16:04.0391 6716 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:16:04.0392 6716 FsDepends - ok
19:16:04.0443 6716 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
19:16:04.0445 6716 fssfltr - ok
19:16:04.0501 6716 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
19:16:04.0515 6716 fsssvc - ok
19:16:04.0542 6716 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:16:04.0544 6716 Fs_Rec - ok
19:16:04.0582 6716 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:16:04.0584 6716 fvevol - ok
19:16:04.0611 6716 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:16:04.0613 6716 gagp30kx - ok
19:16:04.0667 6716 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:16:04.0668 6716 GEARAspiWDM - ok
19:16:04.0700 6716 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:16:04.0708 6716 gpsvc - ok
19:16:04.0718 6716 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:16:04.0719 6716 hcw85cir - ok
19:16:04.0763 6716 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:16:04.0767 6716 HdAudAddService - ok
19:16:04.0799 6716 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:16:04.0800 6716 HDAudBus - ok
19:16:04.0816 6716 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:16:04.0817 6716 HidBatt - ok
19:16:04.0834 6716 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:16:04.0837 6716 HidBth - ok
19:16:04.0849 6716 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
19:16:04.0851 6716 HidIr - ok
19:16:04.0867 6716 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
19:16:04.0868 6716 hidserv - ok
19:16:04.0912 6716 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:16:04.0913 6716 HidUsb - ok
19:16:04.0967 6716 [ 8D1F00F4254C3EF428B715484940427C ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
19:16:04.0967 6716 HiPatchService - ok
19:16:04.0992 6716 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:16:04.0994 6716 hkmsvc - ok
19:16:05.0003 6716 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:16:05.0017 6716 HomeGroupListener - ok
19:16:05.0040 6716 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:16:05.0043 6716 HomeGroupProvider - ok
19:16:05.0067 6716 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:16:05.0069 6716 HpSAMD - ok
19:16:05.0115 6716 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:16:05.0122 6716 HTTP - ok
19:16:05.0134 6716 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:16:05.0135 6716 hwpolicy - ok
19:16:05.0168 6716 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:16:05.0170 6716 i8042prt - ok
19:16:05.0210 6716 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:16:05.0215 6716 iaStorV - ok
19:16:05.0248 6716 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:16:05.0257 6716 idsvc - ok
19:16:05.0352 6716 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120919.001\IDSvia64.sys
19:16:05.0358 6716 IDSVia64 - ok
19:16:05.0384 6716 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:16:05.0386 6716 iirsp - ok
19:16:05.0417 6716 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:16:05.0425 6716 IKEEXT - ok
19:16:05.0447 6716 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:16:05.0449 6716 intelide - ok
19:16:05.0479 6716 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
19:16:05.0542 6716 intelppm - ok
19:16:05.0565 6716 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:16:05.0585 6716 IPBusEnum - ok
19:16:05.0627 6716 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:16:05.0657 6716 IpFilterDriver - ok
19:16:05.0676 6716 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:16:05.0681 6716 iphlpsvc - ok
19:16:05.0686 6716 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:16:05.0688 6716 IPMIDRV - ok
19:16:05.0699 6716 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:16:05.0702 6716 IPNAT - ok
19:16:05.0763 6716 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:16:05.0767 6716 iPod Service - ok
19:16:05.0805 6716 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:16:05.0806 6716 IRENUM - ok
19:16:05.0817 6716 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:16:05.0818 6716 isapnp - ok
19:16:05.0832 6716 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:16:05.0835 6716 iScsiPrt - ok
19:16:05.0866 6716 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:16:05.0867 6716 kbdclass - ok
19:16:05.0896 6716 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:16:05.0898 6716 kbdhid - ok
19:16:05.0903 6716 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:16:05.0904 6716 KeyIso - ok
19:16:05.0931 6716 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:16:05.0932 6716 KSecDD - ok
19:16:05.0941 6716 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:16:05.0944 6716 KSecPkg - ok
19:16:05.0968 6716 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:16:05.0969 6716 ksthunk - ok
19:16:05.0994 6716 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:16:05.0999 6716 KtmRm - ok
19:16:06.0026 6716 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
19:16:06.0030 6716 LanmanServer - ok
19:16:06.0062 6716 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:16:06.0065 6716 LanmanWorkstation - ok
19:16:06.0105 6716 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
19:16:06.0107 6716 LGBusEnum - ok
19:16:06.0128 6716 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
19:16:06.0130 6716 LGVirHid - ok
19:16:06.0165 6716 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:16:06.0167 6716 lltdio - ok
19:16:06.0190 6716 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:16:06.0194 6716 lltdsvc - ok
19:16:06.0209 6716 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:16:06.0211 6716 lmhosts - ok
19:16:06.0251 6716 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:16:06.0252 6716 LSI_FC - ok
19:16:06.0267 6716 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:16:06.0269 6716 LSI_SAS - ok
19:16:06.0284 6716 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:16:06.0286 6716 LSI_SAS2 - ok
19:16:06.0301 6716 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:16:06.0303 6716 LSI_SCSI - ok
19:16:06.0320 6716 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:16:06.0322 6716 luafv - ok
19:16:06.0366 6716 [ 07389F6925E490D2DB7882110E99921C ] lvpepf64 C:\Windows\system32\DRIVERS\lv302a64.sys
19:16:06.0367 6716 lvpepf64 - ok
19:16:06.0386 6716 [ 7F0BA3A6E8996F15693C6B7D81DA049E ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
19:16:06.0394 6716 LVRS64 - ok
19:16:06.0426 6716 [ 5C3FF68267A5D242EE79EE01B993D6CE ] LVUSBS64 C:\Windows\system32\drivers\LVUSBS64.sys
19:16:06.0428 6716 LVUSBS64 - ok
19:16:06.0448 6716 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:16:06.0450 6716 Mcx2Svc - ok
19:16:06.0511 6716 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
19:16:06.0512 6716 megasas - ok
19:16:06.0529 6716 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:16:06.0532 6716 MegaSR - ok
19:16:06.0577 6716 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:16:06.0579 6716 MMCSS - ok
19:16:06.0591 6716 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:16:06.0593 6716 Modem - ok
19:16:06.0624 6716 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:16:06.0625 6716 monitor - ok
19:16:06.0654 6716 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:16:06.0656 6716 mouclass - ok
19:16:06.0705 6716 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:16:06.0706 6716 mouhid - ok
19:16:06.0721 6716 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:16:06.0722 6716 mountmgr - ok
19:16:06.0804 6716 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:16:06.0806 6716 MozillaMaintenance - ok
19:16:06.0825 6716 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:16:06.0827 6716 mpio - ok
19:16:06.0842 6716 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:16:06.0843 6716 mpsdrv - ok
19:16:06.0872 6716 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:16:06.0880 6716 MpsSvc - ok
19:16:06.0898 6716 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:16:06.0900 6716 MRxDAV - ok
19:16:06.0933 6716 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:16:06.0935 6716 mrxsmb - ok
19:16:06.0964 6716 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:16:06.0968 6716 mrxsmb10 - ok
19:16:06.0977 6716 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:16:06.0979 6716 mrxsmb20 - ok
19:16:06.0998 6716 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:16:06.0999 6716 msahci - ok
19:16:07.0015 6716 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:16:07.0018 6716 msdsm - ok
19:16:07.0033 6716 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:16:07.0036 6716 MSDTC - ok
19:16:07.0049 6716 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:16:07.0051 6716 Msfs - ok
19:16:07.0081 6716 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:16:07.0082 6716 mshidkmdf - ok
19:16:07.0089 6716 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:16:07.0091 6716 msisadrv - ok
19:16:07.0113 6716 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:16:07.0123 6716 MSiSCSI - ok
19:16:07.0127 6716 msiserver - ok
19:16:07.0155 6716 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:16:07.0156 6716 MSKSSRV - ok
19:16:07.0173 6716 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:16:07.0174 6716 MSPCLOCK - ok
19:16:07.0178 6716 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:16:07.0179 6716 MSPQM - ok

 

[andrew ellis]

19:16:07.0196 6716 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:16:07.0201 6716 MsRPC - ok
19:16:07.0212 6716 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:16:07.0212 6716 mssmbios - ok
19:16:07.0220 6716 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:16:07.0221 6716 MSTEE - ok
19:16:07.0230 6716 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:16:07.0231 6716 MTConfig - ok
19:16:07.0281 6716 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
19:16:07.0282 6716 MTsensor - ok
19:16:07.0294 6716 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:16:07.0296 6716 Mup - ok
19:16:07.0356 6716 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe
19:16:07.0357 6716 N360 - ok
19:16:07.0383 6716 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:16:07.0388 6716 napagent - ok
19:16:07.0436 6716 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:16:07.0440 6716 NativeWifiP - ok
19:16:07.0501 6716 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120919.023\ENG64.SYS
19:16:07.0535 6716 NAVENG - ok
19:16:07.0612 6716 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120919.023\EX64.SYS
19:16:07.0631 6716 NAVEX15 - ok
19:16:07.0745 6716 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:16:07.0753 6716 NDIS - ok
19:16:07.0802 6716 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:16:07.0804 6716 NdisCap - ok
19:16:07.0832 6716 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:16:07.0834 6716 NdisTapi - ok
19:16:07.0860 6716 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:16:07.0862 6716 Ndisuio - ok
19:16:07.0873 6716 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:16:07.0876 6716 NdisWan - ok
19:16:07.0890 6716 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:16:07.0892 6716 NDProxy - ok
19:16:07.0904 6716 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:16:07.0905 6716 NetBIOS - ok
19:16:07.0914 6716 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:16:07.0917 6716 NetBT - ok
19:16:07.0928 6716 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:16:07.0929 6716 Netlogon - ok
19:16:07.0966 6716 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:16:07.0971 6716 Netman - ok
19:16:07.0985 6716 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:16:07.0990 6716 netprofm - ok
19:16:08.0012 6716 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:16:08.0014 6716 NetTcpPortSharing - ok
19:16:08.0036 6716 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:16:08.0038 6716 nfrd960 - ok
19:16:08.0054 6716 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:16:08.0057 6716 NlaSvc - ok
19:16:08.0066 6716 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:16:08.0068 6716 Npfs - ok
19:16:08.0088 6716 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:16:08.0089 6716 nsi - ok
19:16:08.0102 6716 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:16:08.0103 6716 nsiproxy - ok
19:16:08.0159 6716 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:16:08.0174 6716 Ntfs - ok
19:16:08.0185 6716 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:16:08.0187 6716 Null - ok
19:16:08.0226 6716 [ 8EBCB9165EE7F1571842F4D9D624A74C ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
19:16:08.0228 6716 nusb3hub - ok
19:16:08.0265 6716 [ 5D54DBB12BBFE07CC283FD39F2CD6D63 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:16:08.0268 6716 nusb3xhc - ok
19:16:08.0283 6716 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:16:08.0286 6716 nvraid - ok
19:16:08.0300 6716 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:16:08.0303 6716 nvstor - ok
19:16:08.0320 6716 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:16:08.0322 6716 nv_agp - ok
19:16:08.0422 6716 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:16:08.0428 6716 odserv - ok
19:16:08.0452 6716 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:16:08.0454 6716 ohci1394 - ok
19:16:08.0518 6716 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:16:08.0521 6716 ose - ok
19:16:08.0552 6716 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:16:08.0556 6716 p2pimsvc - ok
19:16:08.0568 6716 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:16:08.0574 6716 p2psvc - ok
19:16:08.0588 6716 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
19:16:08.0590 6716 Parport - ok
19:16:08.0621 6716 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:16:08.0623 6716 partmgr - ok
19:16:08.0637 6716 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:16:08.0640 6716 PcaSvc - ok
19:16:08.0662 6716 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:16:08.0664 6716 pci - ok
19:16:08.0675 6716 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:16:08.0687 6716 pciide - ok
19:16:08.0705 6716 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:16:08.0708 6716 pcmcia - ok
19:16:08.0734 6716 [ A87932FF09593BA8D197667A13E2A628 ] PCTBD C:\Windows\system32\Drivers\PCTBD64.sys
19:16:08.0735 6716 PCTBD - ok
19:16:08.0783 6716 [ 876FD95B7A3B7FE6179FBD16E7A6486C ] PCTCore C:\Windows\system32\drivers\PCTCore64.sys
19:16:08.0787 6716 PCTCore - ok
19:16:08.0803 6716 [ BA1F42A42F405F62CEFF6B69A2797F7C ] pctDS C:\Windows\system32\drivers\pctDS64.sys
19:16:08.0809 6716 pctDS - ok
19:16:08.0833 6716 [ 146CC91C93CED13E7FE40E8D8615BE39 ] pctEFA C:\Windows\system32\drivers\pctEFA64.sys
19:16:08.0844 6716 pctEFA - ok
19:16:08.0898 6716 [ 2734C67950C2ECCF46D2709DB6CFFC20 ] pctgntdi C:\Windows\System32\drivers\pctgntdi64.sys
19:16:08.0902 6716 pctgntdi - ok
19:16:08.0912 6716 [ 8131A2C7B6D39A995DC73E20C31BC177 ] pctplsg C:\Windows\System32\drivers\pctplsg64.sys
19:16:08.0914 6716 pctplsg - ok
19:16:08.0941 6716 [ C4775E7F54F3CC6307B73462B1B802C6 ] PCTSD C:\Windows\system32\Drivers\PCTSD64.sys
19:16:08.0944 6716 PCTSD - ok
19:16:08.0974 6716 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:16:08.0978 6716 pcw - ok
19:16:08.0996 6716 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:16:09.0002 6716 PEAUTH - ok
19:16:09.0073 6716 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:16:09.0074 6716 PerfHost - ok
19:16:09.0166 6716 [ 087A343DFC337F37723DD7912DE6B6CD ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V64.SYS
19:16:09.0189 6716 PID_PEPI - ok
19:16:09.0232 6716 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:16:09.0245 6716 pla - ok
19:16:09.0298 6716 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:16:09.0303 6716 PlugPlay - ok
19:16:09.0324 6716 PnkBstrA - ok
19:16:09.0328 6716 PnkBstrB - ok
19:16:09.0349 6716 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:16:09.0351 6716 PNRPAutoReg - ok
19:16:09.0360 6716 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:16:09.0363 6716 PNRPsvc - ok
19:16:09.0386 6716 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:16:09.0391 6716 PolicyAgent - ok
19:16:09.0420 6716 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:16:09.0423 6716 Power - ok
19:16:09.0442 6716 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:16:09.0445 6716 PptpMiniport - ok
19:16:09.0488 6716 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
19:16:09.0493 6716 Processor - ok
19:16:09.0560 6716 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:16:09.0563 6716 ProfSvc - ok
19:16:09.0578 6716 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:16:09.0579 6716 ProtectedStorage - ok
19:16:09.0627 6716 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:16:09.0629 6716 Psched - ok
19:16:09.0668 6716 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:16:09.0683 6716 ql2300 - ok
19:16:09.0711 6716 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:16:09.0713 6716 ql40xx - ok
19:16:09.0772 6716 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:16:09.0811 6716 QWAVE - ok
19:16:09.0833 6716 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:16:09.0834 6716 QWAVEdrv - ok
19:16:09.0848 6716 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:16:09.0849 6716 RasAcd - ok
19:16:09.0876 6716 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:16:09.0877 6716 RasAgileVpn - ok
19:16:09.0891 6716 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:16:09.0902 6716 RasAuto - ok
19:16:09.0917 6716 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:16:09.0920 6716 Rasl2tp - ok
19:16:09.0930 6716 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:16:09.0935 6716 RasMan - ok
19:16:09.0942 6716 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:16:09.0944 6716 RasPppoe - ok
19:16:09.0956 6716 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:16:09.0958 6716 RasSstp - ok
19:16:09.0973 6716 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:16:09.0977 6716 rdbss - ok
19:16:09.0997 6716 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
19:16:09.0999 6716 rdpbus - ok
19:16:10.0007 6716 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:16:10.0007 6716 RDPCDD - ok
19:16:10.0038 6716 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:16:10.0038 6716 RDPENCDD - ok
19:16:10.0052 6716 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:16:10.0053 6716 RDPREFMP - ok
19:16:10.0076 6716 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:16:10.0078 6716 RDPWD - ok
19:16:10.0112 6716 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:16:10.0115 6716 rdyboost - ok
19:16:10.0134 6716 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:16:10.0136 6716 RemoteAccess - ok
19:16:10.0151 6716 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:16:10.0154 6716 RemoteRegistry - ok
19:16:10.0164 6716 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:16:10.0166 6716 RpcEptMapper - ok
19:16:10.0177 6716 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:16:10.0179 6716 RpcLocator - ok
19:16:10.0198 6716 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:16:10.0202 6716 RpcSs - ok
19:16:10.0209 6716 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:16:10.0211 6716 rspndr - ok
19:16:10.0284 6716 [ 2E887E52E45BBA3C47CCD0E75FC5266F ] RTCore64 C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
19:16:10.0285 6716 RTCore64 - ok
19:16:10.0333 6716 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:16:10.0339 6716 RTL8167 - ok
19:16:10.0385 6716 [ B674400273552406F11A02387222CD0F ] rzjoystk C:\Windows\system32\DRIVERS\rzjoystk.sys
19:16:10.0386 6716 rzjoystk - ok
19:16:10.0436 6716 [ 95CBC73E98F4A5EF4366DBB4B4E5D436 ] RzSynapse C:\Windows\system32\DRIVERS\RzSynapse.sys
19:16:10.0437 6716 RzSynapse - ok
19:16:10.0453 6716 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:16:10.0454 6716 SamSs - ok
19:16:10.0467 6716 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:16:10.0469 6716 sbp2port - ok
19:16:10.0578 6716 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
19:16:10.0596 6716 SBSDWSCService - ok
19:16:10.0632 6716 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:16:10.0660 6716 SCardSvr - ok
19:16:10.0687 6716 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:16:10.0688 6716 scfilter - ok
19:16:10.0711 6716 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:16:10.0722 6716 Schedule - ok
19:16:10.0755 6716 [ 6011CDF54BB6F4C69F38FACCDAD73D7E ] SCMNdisP C:\Windows\system32\DRIVERS\scmndisp.sys
19:16:10.0757 6716 SCMNdisP - ok
19:16:10.0782 6716 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:16:10.0783 6716 SCPolicySvc - ok
19:16:10.0873 6716 [ CFEB26A26452D5337C2F3AADD8218FC3 ] sdAuxService C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
19:16:10.0876 6716 sdAuxService - ok
19:16:10.0908 6716 [ B906C04F469060F2DD7FCB84706B4493 ] sdCoreService C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
19:16:10.0914 6716 sdCoreService - ok
19:16:10.0943 6716 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:16:10.0947 6716 SDRSVC - ok
19:16:10.0994 6716 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:16:10.0996 6716 secdrv - ok
19:16:11.0003 6716 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:16:11.0005 6716 seclogon - ok
19:16:11.0018 6716 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
19:16:11.0020 6716 SENS - ok
19:16:11.0027 6716 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:16:11.0029 6716 SensrSvc - ok
19:16:11.0040 6716 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:16:11.0041 6716 Serenum - ok
19:16:11.0056 6716 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:16:11.0058 6716 Serial - ok
19:16:11.0090 6716 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:16:11.0092 6716 sermouse - ok
19:16:11.0107 6716 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:16:11.0110 6716 SessionEnv - ok
19:16:11.0124 6716 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:16:11.0125 6716 sffdisk - ok
19:16:11.0132 6716 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:16:11.0133 6716 sffp_mmc - ok
19:16:11.0142 6716 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:16:11.0143 6716 sffp_sd - ok
19:16:11.0151 6716 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:16:11.0152 6716 sfloppy - ok
19:16:11.0174 6716 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:16:11.0178 6716 SharedAccess - ok
19:16:11.0210 6716 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:16:11.0244 6716 ShellHWDetection - ok
19:16:11.0302 6716 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:16:11.0325 6716 SiSRaid2 - ok
19:16:11.0386 6716 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:16:11.0409 6716 SiSRaid4 - ok
19:16:11.0480 6716 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:16:11.0482 6716 SkypeUpdate - ok
19:16:11.0524 6716 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:16:11.0527 6716 Smb - ok
19:16:11.0598 6716 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:16:11.0600 6716 SNMPTRAP - ok
19:16:11.0622 6716 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:16:11.0623 6716 spldr - ok
19:16:11.0667 6716 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:16:11.0673 6716 Spooler - ok
19:16:11.0763 6716 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:16:11.0789 6716 sppsvc - ok
19:16:11.0818 6716 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:16:11.0840 6716 sppuinotify - ok
19:16:11.0940 6716 [ 2ED464C8CBC399E69FBF776A8EBC3302 ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
19:16:11.0949 6716 SpyHunter 4 Service - ok
19:16:12.0016 6716 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\N360x64\0603000.00E\SRTSP64.SYS
19:16:12.0023 6716 SRTSP - ok
19:16:12.0033 6716 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\N360x64\0603000.00E\SRTSPX64.SYS
19:16:12.0034 6716 SRTSPX - ok
19:16:12.0068 6716 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:16:12.0073 6716 srv - ok
19:16:12.0088 6716 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:16:12.0093 6716 srv2 - ok
19:16:12.0107 6716 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:16:12.0110 6716 srvnet - ok
19:16:12.0149 6716 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:16:12.0152 6716 SSDPSRV - ok
19:16:12.0159 6716 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:16:12.0161 6716 SstpSvc - ok
19:16:12.0190 6716 Steam Client Service - ok
19:16:12.0218 6716 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:16:12.0219 6716 stexstor - ok
19:16:12.0266 6716 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:16:12.0279 6716 stisvc - ok
19:16:12.0321 6716 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:16:12.0342 6716 swenum - ok
19:16:12.0393 6716 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:16:12.0412 6716 swprv - ok
19:16:12.0461 6716 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS
19:16:12.0488 6716 SymDS - ok
19:16:12.0561 6716 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS
19:16:12.0573 6716 SymEFA - ok
19:16:12.0833 6716 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:16:12.0854 6716 SymEvent - ok
19:16:12.0867 6716 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS
19:16:12.0870 6716 SymIRON - ok
19:16:12.0892 6716 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\N360x64\0603000.00E\SYMNETS.SYS
19:16:12.0899 6716 SymNetS - ok
19:16:13.0023 6716 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:16:13.0054 6716 SysMain - ok
19:16:13.0162 6716 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:16:13.0194 6716 TabletInputService - ok
19:16:13.0225 6716 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:16:13.0229 6716 TapiSrv - ok
19:16:13.0251 6716 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:16:13.0253 6716 TBS - ok
19:16:13.0345 6716 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:16:13.0362 6716 Tcpip - ok
19:16:13.0540 6716 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:16:13.0549 6716 TCPIP6 - ok
19:16:13.0593 6716 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:16:13.0600 6716 tcpipreg - ok
19:16:13.0618 6716 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:16:13.0620 6716 TDPIPE - ok
19:16:13.0682 6716 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:16:13.0684 6716 TDTCP - ok
19:16:13.0736 6716 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:16:13.0739 6716 tdx - ok
19:16:13.0764 6716 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:16:13.0766 6716 TermDD - ok
19:16:13.0969 6716 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:16:13.0997 6716 TermService - ok
19:16:14.0045 6716 [ 9CD5C339754E2310790CA27DBBD31F88 ] TfFsMon C:\Windows\system32\drivers\TfFsMon.sys
19:16:14.0047 6716 TfFsMon - ok
19:16:14.0067 6716 [ 00809507FAFA1BE93DBBACE5029F27BB ] TfNetMon C:\Windows\system32\drivers\TfNetMon.sys
19:16:14.0069 6716 TfNetMon - ok
19:16:14.0103 6716 [ 3593A7B1264FBA24FE9E097A99B3E848 ] TFSysMon C:\Windows\system32\drivers\TfSysMon.sys
19:16:14.0121 6716 TFSysMon - ok
19:16:14.0133 6716 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:16:14.0135 6716 Themes - ok
19:16:14.0160 6716 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:16:14.0161 6716 THREADORDER - ok
19:16:14.0192 6716 ThreatFire - ok
19:16:14.0268 6716 [ E9CA6ED72EA9F56BD6E98C7042092A1C ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
19:16:14.0269 6716 TomTomHOMEService - ok
19:16:14.0319 6716 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:16:14.0322 6716 TrkWks - ok
19:16:14.0354 6716 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:16:14.0355 6716 TrustedInstaller - ok
19:16:14.0376 6716 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:16:14.0378 6716 tssecsrv - ok
19:16:14.0408 6716 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:16:14.0409 6716 TsUsbFlt - ok
19:16:14.0422 6716 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
19:16:14.0424 6716 TsUsbGD - ok
19:16:14.0435 6716 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:16:14.0438 6716 tunnel - ok
19:16:14.0453 6716 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:16:14.0455 6716 uagp35 - ok
19:16:14.0466 6716 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:16:14.0470 6716 udfs - ok
19:16:14.0488 6716 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:16:14.0491 6716 UI0Detect - ok
19:16:14.0505 6716 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:16:14.0506 6716 uliagpkx - ok
19:16:14.0536 6716 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:16:14.0537 6716 umbus - ok
19:16:14.0551 6716 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
19:16:14.0552 6716 UmPass - ok
19:16:14.0570 6716 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:16:14.0573 6716 upnphost - ok
19:16:14.0618 6716 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:16:14.0620 6716 USBAAPL64 - ok
19:16:14.0660 6716 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:16:14.0662 6716 usbaudio - ok
19:16:14.0685 6716 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:16:14.0687 6716 usbccgp - ok
19:16:14.0709 6716 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:16:14.0711 6716 usbcir - ok
19:16:14.0722 6716 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:16:14.0724 6716 usbehci - ok
19:16:14.0762 6716 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:16:14.0766 6716 usbhub - ok
19:16:14.0773 6716 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:16:14.0774 6716 usbohci - ok
19:16:14.0783 6716 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:16:14.0785 6716 usbprint - ok
19:16:14.0817 6716 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:16:14.0819 6716 usbscan - ok
19:16:14.0828 6716 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:16:14.0834 6716 USBSTOR - ok
19:16:14.0856 6716 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:16:14.0857 6716 usbuhci - ok
19:16:14.0877 6716 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:16:14.0879 6716 UxSms - ok
19:16:14.0894 6716 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:16:14.0895 6716 VaultSvc - ok
19:16:14.0930 6716 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:16:14.0931 6716 vdrvroot - ok
19:16:14.0944 6716 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:16:14.0950 6716 vds - ok
19:16:14.0962 6716 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:16:14.0963 6716 vga - ok
19:16:14.0973 6716 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:16:14.0974 6716 VgaSave - ok
19:16:14.0989 6716 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:16:14.0992 6716 vhdmp - ok
19:16:15.0010 6716 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:16:15.0011 6716 viaide - ok
19:16:15.0023 6716 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:16:15.0025 6716 volmgr - ok
19:16:15.0043 6716 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:16:15.0047 6716 volmgrx - ok
19:16:15.0063 6716 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:16:15.0066 6716 volsnap - ok
19:16:15.0078 6716 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:16:15.0081 6716 vsmraid - ok
19:16:15.0115 6716 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:16:15.0124 6716 VSS - ok
19:16:15.0135 6716 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:16:15.0137 6716 vwifibus - ok
19:16:15.0152 6716 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:16:15.0161 6716 vwififlt - ok
19:16:15.0186 6716 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:16:15.0189 6716 W32Time - ok
19:16:15.0204 6716 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:16:15.0206 6716 WacomPen - ok
19:16:15.0240 6716 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:16:15.0250 6716 WANARP - ok
19:16:15.0262 6716 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:16:15.0263 6716 Wanarpv6 - ok
19:16:15.0322 6716 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:16:15.0334 6716 WatAdminSvc - ok
19:16:15.0376 6716 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:16:15.0391 6716 wbengine - ok
19:16:15.0404 6716 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:16:15.0408 6716 WbioSrvc - ok
19:16:15.0434 6716 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:16:15.0460 6716 wcncsvc - ok
19:16:15.0481 6716 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:16:15.0485 6716 WcsPlugInService - ok
19:16:15.0505 6716 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
19:16:15.0506 6716 Wd - ok
19:16:15.0530 6716 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:16:15.0537 6716 Wdf01000 - ok
19:16:15.0584 6716 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:16:15.0586 6716 WdiServiceHost - ok
19:16:15.0589 6716 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:16:15.0591 6716 WdiSystemHost - ok
19:16:15.0620 6716 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:16:15.0624 6716 WebClient - ok
19:16:15.0663 6716 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:16:15.0667 6716 Wecsvc - ok
19:16:15.0683 6716 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:16:15.0684 6716 wercplsupport - ok
19:16:15.0718 6716 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:16:15.0721 6716 WerSvc - ok
19:16:15.0758 6716 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:16:15.0760 6716 WfpLwf - ok
19:16:15.0772 6716 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:16:15.0773 6716 WIMMount - ok
19:16:15.0787 6716 WinDefend - ok
19:16:15.0792 6716 WinHttpAutoProxySvc - ok
19:16:15.0826 6716 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:16:15.0829 6716 Winmgmt - ok
19:16:15.0876 6716 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:16:15.0896 6716 WinRM - ok
19:16:15.0935 6716 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:16:15.0936 6716 WinUsb - ok
19:16:15.0955 6716 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:16:15.0965 6716 Wlansvc - ok
19:16:16.0013 6716 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:16:16.0015 6716 wlcrasvc - ok
19:16:16.0112 6716 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:16:16.0128 6716 wlidsvc - ok
19:16:16.0175 6716 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:16:16.0176 6716 WmiAcpi - ok
19:16:16.0195 6716 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:16:16.0197 6716 wmiApSrv - ok
19:16:16.0214 6716 WMPNetworkSvc - ok
19:16:16.0226 6716 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:16:16.0228 6716 WPCSvc - ok
19:16:16.0245 6716 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:16:16.0248 6716 WPDBusEnum - ok
19:16:16.0264 6716 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:16:16.0266 6716 ws2ifsl - ok
19:16:16.0277 6716 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
19:16:16.0279 6716 wscsvc - ok
19:16:16.0284 6716 WSearch - ok
19:16:16.0335 6716 [ A2C4DC335656FB7A5A3AC076282534CB ] WSWNDA3100 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
19:16:16.0336 6716 WSWNDA3100 - ok
19:16:16.0398 6716 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:16:16.0420 6716 wuauserv - ok
19:16:16.0432 6716 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:16:16.0434 6716 WudfPf - ok
19:16:16.0474 6716 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:16:16.0477 6716 WUDFRd - ok
19:16:16.0491 6716 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:16:16.0493 6716 wudfsvc - ok
19:16:16.0509 6716 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:16:16.0513 6716 WwanSvc - ok
19:16:16.0577 6716 X6va005 - ok
19:16:16.0615 6716 [ 2C6BC21B2D5B58D8B1D638C1704CB494 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
19:16:16.0616 6716 xusb21 - ok
19:16:16.0647 6716 ================ Scan global ===============================
19:16:16.0679 6716 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:16:16.0706 6716 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:16:16.0713 6716 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:16:16.0734 6716 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:16:16.0761 6716 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:16:16.0765 6716 [Global] - ok
19:16:16.0766 6716 ================ Scan MBR ==================================
19:16:16.0775 6716 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:16:16.0776 6716 Suspicious mbr (Forged): \Device\Harddisk0\DR0
19:16:16.0817 6716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:16:16.0817 6716 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:16:16.0817 6716 ================ Scan VBR ==================================
19:16:16.0820 6716 [ F88F69E699C80695E38699AA7A6DED05 ] \Device\Harddisk0\DR0\Partition1
19:16:16.0821 6716 \Device\Harddisk0\DR0\Partition1 - ok
19:16:16.0846 6716 [ 636C55A8670B4C60A5C0500254CA7077 ] \Device\Harddisk0\DR0\Partition2
19:16:16.0847 6716 \Device\Harddisk0\DR0\Partition2 - ok
19:16:16.0848 6716 ============================================================
19:16:16.0848 6716 Scan finished
19:16:16.0848 6716 ============================================================
19:16:16.0857 13124 Detected object count: 1
19:16:16.0857 13124 Actual detected object count: 1
19:16:38.0993 13124 \Device\Harddisk0\DR0\# - copied to quarantine
19:16:38.0996 13124 \Device\Harddisk0\DR0 - copied to quarantine
19:16:39.0040 13124 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:16:39.0043 13124 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:16:39.0059 13124 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:16:39.0068 13124 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:16:39.0070 13124 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:16:39.0072 13124 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:16:39.0074 13124 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:16:39.0077 13124 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:16:39.0080 13124 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:16:39.0082 13124 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:16:39.0084 13124 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:16:39.0085 13124 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
19:16:39.0135 13124 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:16:39.0168 13124 \Device\Harddisk0\DR0 - ok
19:16:39.0177 13124 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
19:16:57.0983 10304 Deinitialize success

 

[Broni]

Good

Re-run MBAM and post new log.

 

[andrew ellis]

I have a feeling 0's are good lol....

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.21.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
andrew :: ANDREW-PC [administrator]

9/21/2012 7:38:02 PM
mbam-log-2012-09-21 (19-38-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218621
Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[Broni]

Looks good

• Download RogueKiller on the desktop
• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

 

[andrew ellis]

The looks of that program would make me not want to run it unless someone like you told me to lol. Here you go:

RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : andrew [Admin rights]
Mode : Remove -- Date : 09/21/2012 19:49:57

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{9163fd51-9d11-aa1b-0d60-1aaaee5082a6}\L --> REMOVED
[ZeroAccess][FILE] @ : C:\Users\andrew\AppData\Local\{9163fd51-9d11-aa1b-0d60-1aaaee5082a6}\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\andrew\AppData\Local\{9163fd51-9d11-aa1b-0d60-1aaaee5082a6}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\andrew\AppData\Local\{9163fd51-9d11-aa1b-0d60-1aaaee5082a6}\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 ATA Device +++++
--- User ---
[MBR] 88ff5be8d15f1a043a321293085d361b
[BSP] f2c8e128bf5e8be1896e7181e4ec8527 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Multi Flash Reader USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

 

[andrew ellis]

There was a second report...didn't see it until I looked at my desktop:

RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : andrew [Admin rights]
Mode : Scan -- Date : 09/21/2012 19:49:05

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{9163fd51-9d11-aa1b-0d60-1aaaee5082a6}\L --> FOUND
[ZeroAccess][FILE] @ : C:\Users\andrew\AppData\Local\{9163fd51-9d11-aa1b-0d60-1aaaee5082a6}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\andrew\AppData\Local\{9163fd51-9d11-aa1b-0d60-1aaaee5082a6}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\andrew\AppData\Local\{9163fd51-9d11-aa1b-0d60-1aaaee5082a6}\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 ATA Device +++++
--- User ---
[MBR] 88ff5be8d15f1a043a321293085d361b
[BSP] f2c8e128bf5e8be1896e7181e4ec8527 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

 

[andrew ellis]

Also I have a second "Computer" icon on my desktop, a user folder, and the RK Quaranteen folder....was that supposed to happen?

These were not there before the scan.

 

[Broni]

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• • 
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt

 

[andrew ellis]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2012
Ran by SYSTEM at 21-09-2012 20:27:34
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [6868280 2012-05-21] (Logitech Inc.)
HKLM\...\Run: [DLCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCCtime.dll,RunDLLEntry [28672 2006-02-24] ()
HKLM\...\Run: [combofix] C:\ComboFix\CF5567.3XE /c C:\ComboFix\Combobatch.bat [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKU\Admin\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex [351904 2012-06-05] (Adobe Systems Incorporated)
HKU\andrew\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\andrew\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)

==================== Services (Whitelisted) ===================

2 ADVService; "C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe" [25704 2011-11-23] (Amazon.com)
2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2011-10-13] ()
2 Bigfoot Networks Killer Service; "C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe" [490496 2011-12-22] ()
2 Browser Defender Update Service; "C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [575448 2012-06-22] (Threat Expert Ltd.)
2 dlcc_device; C:\Windows\system32\dlcccoms.exe -service [566768 2007-01-30] ( )
2 dlcc_device; C:\Windows\SysWow64\dlcccoms.exe -service [538096 2007-01-30] ( )
2 Dyyno Launcher; C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [417408 2012-04-12] ()
2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-12-22] ()
2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [189248 2011-12-22] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
3 sdAuxService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)
3 sdCoreService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)
2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1019328 2012-08-21] (Enigma Software Group USA, LLC.)
3 ThreatFire; C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [71008 2012-06-22] (PC Tools)
2 TomTomHOMEService; "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" [92632 2012-06-21] (TomTom)
2 WSWNDA3100; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [272864 2010-08-19] ()
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) =====================

2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
3 BfEdge7x64; C:\Windows\System32\DRIVERS\Edge7x64.sys [31336 2011-11-08] (Bigfoot Networks, Inc.)
3 BFN7x64; C:\Windows\System32\DRIVERS\Xeno7x64.sys [157288 2011-11-08] (Bigfoot Networks, Inc.)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120905.001\BHDrvx64.sys [1385120 2012-08-31] (Symantec Corporation)
1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-13] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-11] (Symantec Corporation)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120919.001\IDSvia64.sys [513184 2012-09-06] (Symantec Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120919.023\ENG64.SYS [126112 2012-09-19] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120919.023\EX64.SYS [2084000 2012-09-19] (Symantec Corporation)
3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [85224 2012-06-22] (PC Tools)
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [426616 2012-04-23] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2012-02-28] (PC Tools)
0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [1096176 2012-02-28] (PC Tools)
1 pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi64.sys [341200 2012-06-22] (PC Tools)
3 pctplsg; \??\C:\Windows\System32\drivers\pctplsg64.sys [92928 2012-06-22] (PC Tools)
1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [251560 2012-06-22] (PC Tools)
3 RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-26] ()
3 rzjoystk; C:\Windows\System32\Drivers\rzjoystk.sys [19968 2011-03-24] (Razer USA Ltd)
3 RzSynapse; C:\Windows\System32\Drivers\RzSynapse.sys [157184 2011-07-14] (Razer USA Ltd)
1 SRTSP; C:\Windows\System32\Drivers\N360x64\0603000.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\0603000.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0603000.00E\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-08-11] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
0 TfFsMon; C:\Windows\System32\Drivers\TfFsMon.sys [65664 2012-06-22] (PC Tools)
3 TfNetMon; C:\Windows\System32\Drivers\TfNetMon.sys [41968 2012-06-22] (PC Tools)
0 TFSysMon; C:\Windows\System32\Drivers\TFSysMon.sys [706776 2012-06-22] (PC Tools)
3 ALSysIO; \??\C:\Users\andrew\AppData\Local\Temp\ALSysIO64.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 cpuz134; \??\C:\Users\andrew\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
3 X6va005; \??\C:\Users\andrew\AppData\Local\Temp\0052E51.tmp [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-21 19:17 - 2012-09-21 19:17 - 01454509 ____A (Farbar) C:\Users\andrew\Downloads\FRST64.exe
2012-09-21 18:49 - 2012-09-21 18:49 - 00002122 ____A C:\Users\andrew\Desktop\RKreport[1].txt
2012-09-21 18:49 - 2012-09-21 18:49 - 00002105 ____A C:\Users\andrew\Desktop\RKreport[2].txt
2012-09-21 18:48 - 2012-09-21 18:49 - 00000000 ____D C:\Users\andrew\Desktop\RK_Quarantine
2012-09-21 18:48 - 2012-09-21 18:48 - 01388032 ____A C:\Users\andrew\Downloads\RogueKiller.exe
2012-09-21 18:16 - 2012-09-21 18:16 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-09-21 18:05 - 2012-09-21 18:05 - 00000958 ____A C:\Users\Public\Desktop\jZip.lnk
2012-09-21 18:05 - 2012-09-21 18:05 - 00000000 ____D C:\Users\andrew\AppData\Local\jZip
2012-09-21 18:05 - 2012-09-17 18:25 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\andrew\Desktop\TDSSKiller.exe
2012-09-21 18:05 - 2011-01-01 00:14 - 00002254 ___RA C:\Users\andrew\Desktop\eula.txt
2012-09-21 18:04 - 2012-09-21 18:05 - 00000000 ____D C:\Program Files (x86)\jZip
2012-09-21 18:04 - 2012-09-21 18:04 - 07334464 ____A (Bandoo Media Inc.) C:\Users\andrew\Downloads\jZipV1.exe
2012-09-21 18:01 - 2012-09-21 18:02 - 02193278 ____A C:\Users\andrew\Downloads\tdsskiller.zip
2012-09-21 12:03 - 2012-09-21 12:06 - 00000000 ____D C:\Users\andrew\AppData\Roaming\ts3overlay
2012-09-21 12:02 - 2012-09-21 12:27 - 00000000 ____D C:\Users\andrew\AppData\Roaming\TS3Client
2012-09-21 12:01 - 2012-09-21 12:01 - 00000974 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2012-09-21 12:01 - 2012-09-21 12:01 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2012-09-21 12:00 - 2012-09-21 12:01 - 32179616 ____A (TeamSpeak Systems GmbH) C:\Users\andrew\Downloads\TeamSpeak3-Client-win64-3.0.8.1.exe
2012-09-21 11:29 - 2012-09-21 11:29 - 00016086 ____A C:\Users\andrew\Desktop\Attach.txt
2012-09-21 11:28 - 2012-09-21 11:28 - 00029153 ____A C:\Users\andrew\Desktop\DDS.txt
2012-09-21 11:24 - 2012-09-21 11:24 - 00607260 ____R (Swearware) C:\Users\andrew\Desktop\dds.com
2012-09-21 10:59 - 2012-09-21 10:59 - 00302592 ____A C:\Users\andrew\Desktop\ngrc845q.exe
2012-09-21 10:25 - 2012-09-21 10:25 - 00000757 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-21 10:25 - 2012-09-21 10:25 - 00000000 ____D C:\Users\andrew\Desktop\Malwarebytes' Anti-Malware
2012-09-21 10:25 - 2012-09-21 10:25 - 00000000 ____D C:\Users\andrew\AppData\Roaming\Malwarebytes
2012-09-21 10:25 - 2012-09-21 10:25 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-21 10:25 - 2012-09-07 16:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-21 10:24 - 2012-09-21 10:24 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\andrew\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-21 09:28 - 2012-09-21 09:47 - 00000000 ____D C:\ComboFix
2012-09-21 09:28 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-21 09:28 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-21 09:28 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-21 09:28 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-21 09:28 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-21 09:28 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-21 09:28 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-21 09:28 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-21 09:27 - 2012-09-21 09:28 - 04754290 ____A (Swearware) C:\Users\andrew\Downloads\ComboFix(1).exe
2012-09-21 08:50 - 2012-09-21 09:44 - 00000000 ____D C:\Windows\erdnt
2012-09-21 08:50 - 2012-09-21 09:28 - 00000000 ____D C:\Qoobox
2012-09-21 08:49 - 2012-09-21 09:23 - 04754290 ____R (Swearware) C:\Users\andrew\Downloads\ComboFix.exe
2012-09-21 00:53 - 2012-09-21 00:54 - 00000000 ____D C:\sh4ldr
2012-09-21 00:53 - 2012-09-21 00:53 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-09-21 00:52 - 2012-09-21 00:56 - 00000000 ____D C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-21 00:51 - 2012-09-21 00:51 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\andrew\Downloads\SpyHunter-Installer.exe
2012-09-20 21:25 - 2012-09-20 21:25 - 00000085 ____A C:\Windows\wininit.ini
2012-09-20 10:02 - 2011-11-17 08:41 - 00000000 ____A C:\Windows\System32\Drivers\etc\hosts.20120920-110218.backup
2012-09-20 09:47 - 2012-09-20 09:50 - 00018890 ____A C:\Windows\DirectX.log
2012-09-20 09:39 - 2012-09-20 21:25 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-09-20 09:39 - 2012-09-20 09:41 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-09-20 09:38 - 2012-09-20 09:38 - 16409960 ____A (Safer Networking Limited ) C:\Users\andrew\Downloads\spybotsd162.exe
2012-09-20 09:26 - 2012-09-21 18:18 - 00000616 ____A C:\Windows\setupact.log
2012-09-20 09:26 - 2012-09-20 09:26 - 00000000 ____A C:\Windows\setuperr.log
2012-09-19 21:13 - 2012-09-21 10:31 - 00003438 ____A C:\Windows\PFRO.log
2012-09-19 21:04 - 2012-09-19 21:04 - 00002208 ____A C:\{33D9039A-2387-4282-BEF0-98C2E142553B}
2012-09-19 20:13 - 2012-09-19 20:13 - 00000000 ____D C:\Users\andrew\AppData\Roaming\Windows Live Writer
2012-09-19 20:13 - 2012-09-19 20:13 - 00000000 ____D C:\Users\andrew\AppData\Local\Windows Live Writer
2012-09-19 20:13 - 2012-09-19 20:13 - 00000000 ____D C:\Users\andrew\AppData\Local\{DDEC9E07-FCEE-4EFA-99B6-56060B198DF6}
2012-09-19 20:09 - 2012-09-19 20:37 - 00000000 ____D C:\Users\andrew\AppData\Roaming\Wise Registry Cleaner
2012-09-19 20:09 - 2012-09-19 20:09 - 00000000 ____D C:\Program Files (x86)\Wise
2012-09-19 20:08 - 2012-09-19 20:08 - 02254920 ____A (WiseCleaner.com ) C:\Users\andrew\Downloads\WRCFree(2).exe
2012-09-19 19:58 - 2012-09-19 19:58 - 03927560 ____A (Piriform Ltd) C:\Users\andrew\Downloads\ccsetup322.exe
2012-09-19 15:51 - 2012-09-19 15:51 - 00000222 ____A C:\Users\andrew\Desktop\Torchlight II.url
2012-09-19 15:51 - 2012-09-19 15:51 - 00000221 ____A C:\Users\andrew\Desktop\Torchlight.url
2012-09-19 15:25 - 2012-09-19 15:25 - 00000000 ____D C:\Users\andrew\Desktop\Unemployment
2012-09-17 14:32 - 2012-09-17 14:33 - 00001790 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-17 14:32 - 2012-09-17 14:32 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-17 14:32 - 2012-09-17 14:32 - 00000000 ____D C:\Program Files\iTunes
2012-09-17 14:32 - 2012-09-17 14:32 - 00000000 ____D C:\Program Files\iPod
2012-09-17 14:32 - 2012-09-17 14:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-09-17 14:32 - 2012-08-21 12:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-09-16 19:16 - 2012-09-16 19:16 - 00000000 ____D C:\Program Files (x86)\GUM1BA6.tmp
2012-09-14 19:30 - 2012-09-18 13:04 - 00009908 ____A C:\Users\andrew\Desktop\Diablo 3 IP Tracker.xlsx
2012-09-14 14:59 - 2012-06-22 13:21 - 00706776 ____S (PC Tools) C:\Windows\System32\Drivers\TfSysMon.sys
2012-09-14 14:59 - 2012-06-22 13:21 - 00065664 ____S (PC Tools) C:\Windows\System32\Drivers\TfFsMon.sys
2012-09-14 14:59 - 2012-06-22 13:21 - 00041968 ____S (PC Tools) C:\Windows\System32\Drivers\TfNetMon.sys
2012-09-14 14:43 - 2012-06-22 14:35 - 00092928 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-09-14 14:43 - 2012-06-22 14:33 - 00014808 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
2012-09-14 14:43 - 2012-06-22 14:29 - 00341200 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-09-14 14:43 - 2012-06-22 14:29 - 00145464 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-09-14 14:43 - 2012-06-22 10:39 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-09-14 14:43 - 2012-06-22 10:39 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-09-14 14:43 - 2012-06-22 10:39 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-09-14 14:43 - 2012-06-22 10:39 - 00085224 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
2012-09-14 14:43 - 2012-06-22 10:38 - 00767960 ____A C:\Windows\BDTSupport.dll
2012-09-14 14:43 - 2012-06-22 09:43 - 00003488 ____A C:\Windows\UDB.zip
2012-09-14 14:43 - 2012-06-22 09:43 - 00000882 ____A C:\Windows\RegSDImport.xml
2012-09-14 14:43 - 2012-06-22 09:43 - 00000879 ____A C:\Windows\RegISSImport.xml
2012-09-14 14:43 - 2012-06-22 09:43 - 00000131 ____A C:\Windows\IDB.zip
2012-09-14 14:41 - 2012-09-21 08:55 - 01718103 ____A C:\Windows\System32\Drivers\Cat.DB
2012-09-14 14:41 - 2012-09-14 14:42 - 00000000 ____D C:\Program Files (x86)\PC Tools
2012-09-14 14:41 - 2012-06-22 14:35 - 00251560 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-09-14 14:41 - 2012-04-23 11:36 - 00426616 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-09-14 14:41 - 2012-02-28 10:43 - 01096176 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
2012-09-14 14:41 - 2012-02-28 10:43 - 00453896 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
2012-09-14 14:40 - 2012-09-14 14:59 - 00000000 ____D C:\Users\All Users\PC Tools
2012-09-14 14:40 - 2012-09-14 14:40 - 04165584 ____A (PC Tools) C:\Users\andrew\Downloads\SD_Online_aff_GenericRevenueWire_207.exe
2012-09-14 14:40 - 2012-09-14 14:40 - 00000000 ____D C:\Users\andrew\AppData\Roaming\TestApp
2012-09-13 21:33 - 2012-09-13 21:33 - 00024407 ____A C:\AdwCleaner[S1].txt
2012-09-13 21:32 - 2012-09-13 21:32 - 00512399 ____A C:\Users\andrew\Downloads\adwcleaner.exe
2012-09-13 21:32 - 2012-09-13 21:32 - 00023259 ____A C:\AdwCleaner[R1].txt
2012-09-13 21:23 - 2012-09-13 21:23 - 00000246 ____A C:\Users\andrew\Downloads\defogger_enable.log
2012-09-13 21:22 - 2012-09-13 21:22 - 00000474 ____A C:\Users\andrew\Downloads\defogger_disable.log
2012-09-13 21:21 - 2012-09-13 21:21 - 00050477 ____A C:\Users\andrew\Downloads\Defogger.exe
2012-09-13 21:20 - 2012-09-13 21:20 - 00001659 ____A C:\Users\andrew\Desktop\bleepingcomputer.txt
2012-09-12 22:07 - 2012-09-12 22:07 - 00000047 ____A C:\Users\andrew\Desktop\IP.txt
2012-09-11 18:55 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-11 18:55 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-11 18:55 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-11 18:55 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-11 18:55 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-11 18:55 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-11 18:55 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-07 09:20 - 2012-09-07 09:20 - 00176130 ____A C:\Users\andrew\Desktop\Unemployment.xps
2012-09-06 15:05 - 2012-09-07 00:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-04 13:35 - 2012-09-04 13:35 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs
2012-09-01 12:34 - 2012-09-01 12:40 - 00200177 ____A C:\Users\andrew\Desktop\Fantasy Football.xlsx
2012-08-31 23:39 - 2012-08-31 23:39 - 00001972 ____A C:\Users\Public\Desktop\Amazon Unbox.lnk
2012-08-31 23:39 - 2012-08-31 23:39 - 00000000 ____D C:\Users\All Users\Amazon
2012-08-31 23:38 - 2012-08-31 23:38 - 04507952 ____A (Amazon.com ) C:\Users\andrew\Downloads\AmazonUnboxVideo.exe
2012-08-31 23:38 - 2012-08-31 23:38 - 00000000 ____D C:\Windows\Downloaded Installations
2012-08-31 23:13 - 2012-08-31 23:13 - 00001014 ____A C:\Users\Public\Desktop\SMPlayer.lnk
2012-08-31 23:13 - 2012-08-31 23:13 - 00000000 ____D C:\Program Files (x86)\SMPlayer
2012-08-31 02:54 - 2012-09-01 04:41 - 00000443 ____A C:\Users\andrew\Desktop\Daiblo 3 Gear list.txt
2012-08-26 18:23 - 2012-08-26 18:23 - 00008521 ____A C:\Users\andrew\Desktop\gold.xlsx


==================== 3 Months Modified Files ==================

2012-09-21 19:21 - 2012-08-11 18:02 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-819357944-3763746119-3816540375-1000UA.job
2012-09-21 19:21 - 2012-08-11 18:02 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-819357944-3763746119-3816540375-1000Core.job
2012-09-21 19:21 - 2011-04-13 11:34 - 01882536 ____A C:\Windows\WindowsUpdate.log
2012-09-21 19:20 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-21 19:17 - 2012-09-21 19:17 - 01454509 ____A (Farbar) C:\Users\andrew\Downloads\FRST64.exe
2012-09-21 18:49 - 2012-09-21 18:49 - 00002122 ____A C:\Users\andrew\Desktop\RKreport[1].txt
2012-09-21 18:49 - 2012-09-21 18:49 - 00002105 ____A C:\Users\andrew\Desktop\RKreport[2].txt
2012-09-21 18:48 - 2012-09-21 18:48 - 01388032 ____A C:\Users\andrew\Downloads\RogueKiller.exe
2012-09-21 18:26 - 2009-07-13 20:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-21 18:26 - 2009-07-13 20:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-21 18:18 - 2012-09-20 09:26 - 00000616 ____A C:\Windows\setupact.log
2012-09-21 18:18 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-21 18:05 - 2012-09-21 18:05 - 00000958 ____A C:\Users\Public\Desktop\jZip.lnk
2012-09-21 18:04 - 2012-09-21 18:04 - 07334464 ____A (Bandoo Media Inc.) C:\Users\andrew\Downloads\jZipV1.exe
2012-09-21 18:02 - 2012-09-21 18:01 - 02193278 ____A C:\Users\andrew\Downloads\tdsskiller.zip
2012-09-21 12:01 - 2012-09-21 12:01 - 00000974 ____A C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2012-09-21 12:01 - 2012-09-21 12:00 - 32179616 ____A (TeamSpeak Systems GmbH) C:\Users\andrew\Downloads\TeamSpeak3-Client-win64-3.0.8.1.exe
2012-09-21 11:29 - 2012-09-21 11:29 - 00016086 ____A C:\Users\andrew\Desktop\Attach.txt
2012-09-21 11:28 - 2012-09-21 11:28 - 00029153 ____A C:\Users\andrew\Desktop\DDS.txt
2012-09-21 11:24 - 2012-09-21 11:24 - 00607260 ____R (Swearware) C:\Users\andrew\Desktop\dds.com
2012-09-21 10:59 - 2012-09-21 10:59 - 00302592 ____A C:\Users\andrew\Desktop\ngrc845q.exe
2012-09-21 10:31 - 2012-09-19 21:13 - 00003438 ____A C:\Windows\PFRO.log
2012-09-21 10:25 - 2012-09-21 10:25 - 00000757 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-21 10:24 - 2012-09-21 10:24 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\andrew\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-21 09:41 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-21 09:39 - 2009-07-13 18:34 - 69206016 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-09-21 09:39 - 2009-07-13 18:34 - 22544384 ____A C:\Windows\System32\config\SYSTEM.bak
2012-09-21 09:39 - 2009-07-13 18:34 - 04980736 ____A C:\Windows\System32\config\DEFAULT.bak
2012-09-21 09:39 - 2009-07-13 18:34 - 00057344 ____A C:\Windows\System32\config\SAM.bak
2012-09-21 09:39 - 2009-07-13 18:34 - 00020480 ____A C:\Windows\System32\config\SECURITY.bak
2012-09-21 09:28 - 2012-09-21 09:27 - 04754290 ____A (Swearware) C:\Users\andrew\Downloads\ComboFix(1).exe
2012-09-21 09:23 - 2012-09-21 08:49 - 04754290 ____R (Swearware) C:\Users\andrew\Downloads\ComboFix.exe
2012-09-21 08:55 - 2012-09-14 14:41 - 01718103 ____A C:\Windows\System32\Drivers\Cat.DB
2012-09-21 00:51 - 2012-09-21 00:51 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\andrew\Downloads\SpyHunter-Installer.exe
2012-09-20 21:25 - 2012-09-20 21:25 - 00000085 ____A C:\Windows\wininit.ini
2012-09-20 09:50 - 2012-09-20 09:47 - 00018890 ____A C:\Windows\DirectX.log
2012-09-20 09:38 - 2012-09-20 09:38 - 16409960 ____A (Safer Networking Limited ) C:\Users\andrew\Downloads\spybotsd162.exe
2012-09-20 09:26 - 2012-09-20 09:26 - 00000000 ____A C:\Windows\setuperr.log
2012-09-19 21:04 - 2012-09-19 21:04 - 00002208 ____A C:\{33D9039A-2387-4282-BEF0-98C2E142553B}
2012-09-19 20:08 - 2012-09-19 20:08 - 02254920 ____A (WiseCleaner.com ) C:\Users\andrew\Downloads\WRCFree(2).exe
2012-09-19 19:58 - 2012-09-19 19:58 - 03927560 ____A (Piriform Ltd) C:\Users\andrew\Downloads\ccsetup322.exe
2012-09-19 15:51 - 2012-09-19 15:51 - 00000222 ____A C:\Users\andrew\Desktop\Torchlight II.url
2012-09-19 15:51 - 2012-09-19 15:51 - 00000221 ____A C:\Users\andrew\Desktop\Torchlight.url
2012-09-18 13:04 - 2012-09-14 19:30 - 00009908 ____A C:\Users\andrew\Desktop\Diablo 3 IP Tracker.xlsx
2012-09-17 18:25 - 2012-09-21 18:05 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\andrew\Desktop\TDSSKiller.exe
2012-09-17 14:33 - 2012-09-17 14:32 - 00001790 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-14 14:40 - 2012-09-14 14:40 - 04165584 ____A (PC Tools) C:\Users\andrew\Downloads\SD_Online_aff_GenericRevenueWire_207.exe
2012-09-13 21:33 - 2012-09-13 21:33 - 00024407 ____A C:\AdwCleaner[S1].txt
2012-09-13 21:32 - 2012-09-13 21:32 - 00512399 ____A C:\Users\andrew\Downloads\adwcleaner.exe
2012-09-13 21:32 - 2012-09-13 21:32 - 00023259 ____A C:\AdwCleaner[R1].txt
2012-09-13 21:23 - 2012-09-13 21:23 - 00000246 ____A C:\Users\andrew\Downloads\defogger_enable.log
2012-09-13 21:22 - 2012-09-13 21:22 - 00000474 ____A C:\Users\andrew\Downloads\defogger_disable.log
2012-09-13 21:21 - 2012-09-13 21:21 - 00050477 ____A C:\Users\andrew\Downloads\Defogger.exe
2012-09-13 21:20 - 2012-09-13 21:20 - 00001659 ____A C:\Users\andrew\Desktop\bleepingcomputer.txt
2012-09-12 22:07 - 2012-09-12 22:07 - 00000047 ____A C:\Users\andrew\Desktop\IP.txt
2012-09-11 22:37 - 2011-04-26 17:35 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-07 16:04 - 2012-09-21 10:25 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-07 09:20 - 2012-09-07 09:20 - 00176130 ____A C:\Users\andrew\Desktop\Unemployment.xps
2012-09-01 12:40 - 2012-09-01 12:34 - 00200177 ____A C:\Users\andrew\Desktop\Fantasy Football.xlsx
2012-09-01 04:41 - 2012-08-31 02:54 - 00000443 ____A C:\Users\andrew\Desktop\Daiblo 3 Gear list.txt
2012-08-31 23:39 - 2012-08-31 23:39 - 00001972 ____A C:\Users\Public\Desktop\Amazon Unbox.lnk
2012-08-31 23:38 - 2012-08-31 23:38 - 04507952 ____A (Amazon.com ) C:\Users\andrew\Downloads\AmazonUnboxVideo.exe
2012-08-31 23:13 - 2012-08-31 23:13 - 00001014 ____A C:\Users\Public\Desktop\SMPlayer.lnk
2012-08-29 14:37 - 2009-07-13 21:08 - 00032556 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-27 08:53 - 2012-03-30 13:52 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-27 08:53 - 2011-06-16 19:24 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-26 18:23 - 2012-08-26 18:23 - 00008521 ____A C:\Users\andrew\Desktop\gold.xlsx
2012-08-22 10:12 - 2012-09-11 18:55 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-11 18:55 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-11 18:55 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-11 18:55 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 12:01 - 2012-09-17 14:32 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 12:01 - 2011-11-17 09:41 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-08-21 12:01 - 2011-11-17 09:41 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-08-20 18:00 - 2012-08-20 18:00 - 00002001 ____A C:\Users\andrew\Desktop\Kindle.lnk
2012-08-20 17:59 - 2012-08-20 17:59 - 29441168 ____A (Amazon.com) C:\Users\andrew\Downloads\KindleForPC-installer.exe
2012-08-20 11:04 - 2012-08-20 11:04 - 03911840 ____A (Piriform Ltd) C:\Users\andrew\Downloads\ccsetup321pro.exe
2012-08-15 14:21 - 2012-08-15 14:21 - 00048128 ____A C:\Users\andrew\Desktop\daiblo3 item stats2.xls
2012-08-14 12:47 - 2009-07-13 20:45 - 00310184 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-12 14:12 - 2011-04-26 16:38 - 00067392 ____A C:\Users\andrew\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-11 17:58 - 2012-08-11 17:58 - 00739832 ____A (Google Inc.) C:\Users\andrew\Downloads\GoogleVoiceAndVideoSetup(1).exe
2012-08-11 16:48 - 2012-08-11 16:48 - 00739832 ____A (Google Inc.) C:\Users\andrew\Downloads\GoogleVoiceAndVideoSetup.exe
2012-08-11 10:44 - 2012-08-11 10:44 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-08-11 10:44 - 2012-08-11 10:44 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-08-11 10:44 - 2012-01-17 16:09 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-11 10:36 - 2012-08-11 10:36 - 18242592 ____A (White Sky, Inc.) C:\Users\andrew\Downloads\constantguard.exe
2012-08-09 20:31 - 2012-08-09 20:31 - 03216375 ____A (Blizzard Entertainment) C:\Users\andrew\Downloads\StarCraft_2_NA_en-US.exe
2012-08-07 20:59 - 2012-08-07 20:59 - 00338800 ____A (MurGee.com ) C:\Users\andrew\Downloads\setup(3).exe
2012-08-04 00:16 - 2012-08-04 00:16 - 00356320 ____A C:\Users\andrew\Downloads\WinZip165.exe
2012-08-03 21:10 - 2012-08-03 21:10 - 59049216 ____A (Logitech Inc.) C:\Users\andrew\Downloads\lgs830_x64(1).exe
2012-08-03 20:49 - 2012-08-03 20:49 - 59049216 ____A (Logitech Inc.) C:\Users\andrew\Downloads\lgs830_x64.exe
2012-08-03 20:00 - 2012-08-03 20:00 - 00402280 ____A () C:\Users\andrew\Downloads\setup(2).exe
2012-08-03 19:56 - 2012-08-03 19:56 - 00647680 ____A C:\Users\andrew\Downloads\Setup_wowuimgr_0_2_10.msi
2012-08-02 09:58 - 2012-09-11 18:55 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-11 18:55 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-18 23:03 - 2011-11-27 02:02 - 00000032 ____A C:\Users\andrew\jagex_cl_runescape_LIVE.dat
2012-07-18 10:15 - 2012-08-14 09:40 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 23:04 - 2012-07-11 23:04 - 02237184 ____A (WiseCleaner.com ) C:\Users\andrew\Downloads\WRCFree(1).exe
2012-07-11 23:02 - 2012-07-11 23:02 - 03889704 ____A (Piriform Ltd) C:\Users\andrew\Downloads\ccsetup320.exe
2012-07-07 09:35 - 2012-06-28 20:43 - 00000033 ____A C:\Users\andrew\Desktop\todolist.txt
2012-07-04 14:16 - 2012-08-14 09:40 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-14 09:40 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-14 09:40 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-14 09:40 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-14 09:40 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-04 12:26 - 2012-09-11 18:55 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-07-02 13:50 - 2011-05-12 17:17 - 00018045 ____A C:\Windows\System32\lvcoinst.log
2012-06-28 20:55 - 2012-08-14 10:57 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-14 10:57 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-14 10:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-14 10:57 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-14 10:57 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-14 10:57 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-14 10:57 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-14 10:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-14 10:57 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-14 10:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-14 10:57 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-14 10:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-14 10:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-14 10:57 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-14 10:57 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-14 10:57 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-14 10:57 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-14 10:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-14 10:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-14 10:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-14 10:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-14 10:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-14 10:57 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-14 10:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-14 10:57 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-14 10:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-14 10:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-14 10:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-27 20:40 - 2012-06-27 20:40 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2012-06-27 20:39 - 2012-06-27 20:39 - 07878008 ____A (Microsoft Corporation) C:\Users\andrew\Downloads\Xbox360_64Eng.exe


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-11 18:54:51
Restore point made on: 2012-09-11 22:35:37
Restore point made on: 2012-09-18 18:53:30
Restore point made on: 2012-09-20 09:47:23
Restore point made on: 2012-09-20 09:49:24
Restore point made on: 2012-09-21 00:52:36
Restore point made on: 2012-09-21 09:04:06

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8190.18 MB
Available physical RAM: 7365.51 MB
Total Pagefile: 8188.38 MB
Available Pagefile: 7353.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:431.27 GB) NTFS
2 Drive e: (Win7HP_SP1_64b) (CDROM) (Total:3.11 GB) (Free:0 GB) CDFS
3 Drive f: (ELLIS) (Removable) (Total:3.79 GB) (Free:1.38 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 3888 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Windows NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3887 MB 24 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F ELLIS FAT32 Removable 3887 MB Healthy

=========================================================

Last Boot: 2012-06-23 21:24

==================== End Of Log =============================

 

[andrew ellis]

Farbar Recovery Scan Tool (x64) Version: 20-09-2012
Ran by SYSTEM at 2012-09-21 20:33:48
Running from F:\

================== Search: "services.exe" ===================

C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows.old\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-09-21 09:44] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

 

[Broni]

That looks good.

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

===========================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If restarting doesn't help use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[andrew ellis]

Ok before I can continue with Combofix I need to get Norton under control. Since I started having issues I have not been able to access Norton Security Suite. The icon is no longer on the bar at the bottom showing that it is running, when I double click the icon to start Norton it just acts like it is loading but does not show up, Symantec Service Framework is running twice in my task manager, and lastly when I try to uninstall Norton it just hangs at initializing. I need to disable it to use Combofix unless I can continue without doing that but I have no way it seems to get it turned off.

 

[Broni]

Uninstall Norton for now using this tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html
You can reinstall when you're done with Combo.

 

[andrew ellis]

I always have issues with Nortons....need to stop going back to it. I will have combofix log up in a bit. Thanks

 

[andrew ellis]

ComboFix 12-09-21.01 - andrew 09/21/2012 21:23:30.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6805 [GMT -7:00]
Running from: c:\users\andrew\Desktop\ComboFix.exe
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\andrew\AppData\Roaming\Dyyno\dgcsrv.xml
c:\users\andrew\AppData\Roaming\Dyyno\dyyno.xml
c:\users\andrew\AppData\Roaming\Ozgyu\atadz.rag
c:\windows\svchost.exe
c:\windows\SysWow64\FlashPlayerInstaller.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-08-22 to 2012-09-22 )))))))))))))))))))))))))))))))
.
.
2012-09-22 04:36 . 2012-09-22 04:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-22 04:36 . 2012-09-22 04:36 -------- d-----w- c:\users\Admin\AppData\Local\temp
2012-09-22 04:27 . 2012-09-22 04:27 -------- d-----w- C:\FRST
2012-09-22 04:21 . 2012-09-22 04:21 -------- d-----w- c:\users\andrew\AppData\Local\Threat Expert
2012-09-22 02:16 . 2012-09-22 02:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-22 02:05 . 2012-09-22 02:05 -------- d-----w- c:\users\andrew\AppData\Local\jZip
2012-09-22 02:04 . 2012-09-22 02:05 -------- d-----w- c:\program files (x86)\jZip
2012-09-21 20:03 . 2012-09-21 20:06 -------- d-----w- c:\users\andrew\AppData\Roaming\ts3overlay
2012-09-21 20:02 . 2012-09-21 20:27 -------- d-----w- c:\users\andrew\AppData\Roaming\TS3Client
2012-09-21 20:01 . 2012-09-21 20:01 -------- d-----w- c:\program files\TeamSpeak 3 Client
2012-09-21 18:25 . 2012-09-21 18:25 -------- d-----w- c:\users\andrew\AppData\Roaming\Malwarebytes
2012-09-21 18:25 . 2012-09-21 18:25 -------- d-----w- c:\programdata\Malwarebytes
2012-09-21 18:25 . 2012-09-08 00:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-21 08:53 . 2012-09-21 08:53 110080 ----a-r- c:\users\andrew\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe
2012-09-21 08:53 . 2012-09-21 08:53 110080 ----a-r- c:\users\andrew\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe
2012-09-21 08:53 . 2012-09-21 08:53 110080 ----a-r- c:\users\andrew\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\Icon1226A4C5.exe
2012-09-21 08:53 . 2012-09-21 08:54 -------- d-----w- C:\sh4ldr
2012-09-21 08:53 . 2012-09-21 08:53 -------- d-----w- c:\program files\Enigma Software Group
2012-09-21 08:52 . 2012-09-21 08:56 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-20 17:39 . 2012-09-21 05:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-20 17:39 . 2012-09-20 17:41 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-09-20 04:13 . 2012-09-20 04:13 -------- d-----w- c:\users\andrew\AppData\Local\Windows Live Writer
2012-09-20 04:13 . 2012-09-20 04:13 -------- d-----w- c:\users\andrew\AppData\Roaming\Windows Live Writer
2012-09-20 04:09 . 2012-09-20 04:37 -------- d-----w- c:\users\andrew\AppData\Roaming\Wise Registry Cleaner
2012-09-20 04:09 . 2012-09-20 04:09 -------- d-----w- c:\program files (x86)\Wise
2012-09-17 22:32 . 2012-08-21 20:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-17 22:32 . 2012-09-17 22:32 -------- d-----w- c:\program files\iPod
2012-09-17 22:32 . 2012-09-17 22:32 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-17 22:32 . 2012-09-17 22:32 -------- d-----w- c:\program files\iTunes
2012-09-17 22:32 . 2012-09-17 22:32 -------- d-----w- c:\program files (x86)\iTunes
2012-09-17 03:16 . 2012-09-17 03:16 -------- d-----w- c:\program files (x86)\GUM1BA6.tmp
2012-09-14 22:59 . 2012-06-22 21:21 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-09-14 22:59 . 2012-06-22 21:21 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-09-14 22:59 . 2012-06-22 21:21 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-09-14 22:43 . 2012-06-22 18:39 85224 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-09-14 22:43 . 2012-06-22 18:38 767960 ----a-w- c:\windows\BDTSupport.dll
2012-09-14 22:43 . 2012-06-22 18:39 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-09-14 22:43 . 2012-06-22 18:39 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-09-14 22:43 . 2012-06-22 18:39 1689560 ----a-w- c:\windows\PCTBDRes.dll
2012-09-14 22:43 . 2012-06-22 22:29 145464 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-09-14 22:43 . 2012-06-22 22:29 341200 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-09-14 22:43 . 2012-06-22 22:33 14808 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-09-14 22:43 . 2012-06-22 22:35 92928 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-09-14 22:41 . 2012-02-28 18:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-09-14 22:41 . 2012-02-28 18:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-09-14 22:41 . 2012-04-23 19:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-09-14 22:41 . 2012-09-20 05:14 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-09-14 22:41 . 2012-09-14 22:42 -------- d-----w- c:\program files (x86)\PC Tools
2012-09-14 22:41 . 2012-06-22 22:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-09-14 22:40 . 2012-09-14 22:59 -------- d-----w- c:\programdata\PC Tools
2012-09-14 22:40 . 2012-09-14 22:40 -------- d-----w- c:\users\andrew\AppData\Roaming\TestApp
2012-09-12 02:55 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 02:55 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 02:55 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 02:55 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 02:55 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 02:55 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 02:55 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 02:55 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B548B39-A207-495F-ABCA-F25B76D4896F}\mpengine.dll
2012-09-04 21:35 . 2012-09-04 21:35 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2012-09-01 07:39 . 2012-09-01 07:39 -------- d-----w- c:\programdata\Amazon
2012-09-01 07:38 . 2012-09-01 07:38 -------- d-----w- c:\windows\Downloaded Installations
2012-09-01 07:13 . 2012-09-01 07:13 -------- d-----w- c:\program files (x86)\SMPlayer
2012-08-23 19:23 . 2012-09-22 04:18 -------- d-----w- c:\windows\system32\drivers\N360x64\0603000.00E
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 06:37 . 2011-04-27 01:35 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-27 16:53 . 2012-03-30 21:52 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-27 16:53 . 2011-06-17 03:24 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-21 20:01 . 2011-11-17 17:41 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 20:01 . 2011-11-17 17:41 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-18 18:15 . 2012-08-14 17:40 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-14 17:40 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-14 17:40 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-14 17:40 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-14 17:40 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-14 18:57 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-14 18:57 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-14 18:57 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-14 18:57 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-14 18:57 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-14 18:57 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-14 18:57 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-14 18:57 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-14 18:57 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-14 18:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-14 18:57 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-14 18:57 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-14 18:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-14 18:57 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-14 18:57 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-14 18:57 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-14 18:57 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-14 18:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-14 18:57 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-22 11:06 . 2011-10-22 11:06 68272 ----a-w- c:\program files (x86)\fraps64.dat
2011-10-22 11:06 . 2011-10-22 11:06 231600 ----a-w- c:\program files (x86)\fraps32.dll
2011-10-22 11:06 . 2011-10-22 11:06 185520 ----a-w- c:\program files (x86)\fraps64.dll
2011-10-22 11:06 . 2011-10-22 11:06 2533040 ----a-w- c:\program files (x86)\fraps.exe
2011-10-22 11:04 . 2011-10-22 11:04 140288 ----a-w- c:\program files (x86)\frapslcd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-04 3077528]
"Dyyno Launcher"="c:\program files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" [2012-04-12 2154112]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-06-21 247768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-5-9 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2011-11-23 97384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-08-19 272864]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]
R3 cpuz134;cpuz134;c:\users\andrew\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-03 13088]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-07-17 16008]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2008-07-26 15768]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2008-07-26 790424]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-06-22 92928]
R3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys [2011-03-24 19968]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-07-15 157184]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-06-22 402368]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-06-22 41968]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-30 1255736]
R3 X6va005;X6va005;c:\users\andrew\AppData\Local\Temp\0052E51.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-20 25312]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-06-22 65664]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-06-22 706776]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-06-22 341200]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-06-22 251560]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-14 136616]
S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-12-23 490496]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-22 575448]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2012-04-12 417408]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-06-21 92632]
S3 ALSysIO;ALSysIO;c:\users\andrew\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;c:\windows\system32\DRIVERS\Edge7x64.sys [2011-11-08 31336]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\DRIVERS\Xeno7x64.sys [2011-11-08 157288]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-22 85224]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-819357944-3763746119-3816540375-1000Core.job
- c:\users\andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-12 02:02]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-819357944-3763746119-3816540375-1000UA.job
- c:\users\andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-12 02:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 6868280]
"DLCCCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLCCtime.dll" [2006-02-24 28672]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\BfLLR.dll
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\piwh3j3b.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-58822287.sys
HKLM-Run-combofix - c:\combofix\CF5567.3XE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\andrew\AppData\Local\Temp\0052E51.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{472734EA-242A-422B-ADF8-83D1E48CC825}"=hex:51,66,7a,6c,4c,1d,38,12,84,37,34,
43,18,6a,45,07,d2,ee,c0,91,e1,d2,8c,31
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}"=hex:51,66,7a,6c,4c,1d,38,12,75,3e,1c,
2e,3b,47,9a,0a,cd,64,23,dc,cb,3e,10,f3
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b,
68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:97,c6,89,29,60,97,cd,01
.
[HKEY_USERS\S-1-5-21-819357944-3763746119-3816540375-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-819357944-3763746119-3816540375-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-21 21:56:44
ComboFix-quarantined-files.txt 2012-09-22 04:56
.
Pre-Run: 464,317,517,824 bytes free
Post-Run: 463,895,511,040 bytes free
.
- - End Of File - - 827BABFE051A3B57A5B4B2D2D887BBBC

 

[andrew ellis]

Just an update on computer status....I am still getting redirected when doing a search in google. But you may already know that.

 

[Broni]

Looks good.

Which browser is affected?
What about other browser(s)?

===================================

Uninstall Wise Registry Cleaner.
Registry cleaners/optimizers are not recommended for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
  
  The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  
• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  
• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  
• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  
• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

• Ed Bott's Webog: Why I don't use registry cleaners
• Do I need a Registry Cleaner?

====================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Broni]

BTW....if you don't want to go back to Norton...
Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

 

[andrew ellis]

So the rerouting seems to only happen in Firefox and not IE. I used to have Chrome but had issues with it. So for example I did a search in Firefox for Shoreline Community College and the link for the school actually took me to the Phoenix online school. The same search in IE takes me to SCC page where I wanted to go.

Running OTL now and will post logs in a min.

 

[andrew ellis]

Just did another search and this address was the middle man it seems to the rerouting....

http://searcherdesktop.com/?id=9oxd...LtlRYSFviA_PljCJAk0rgZ4CT8xOPTUOOq2A5zY5Fz_0,

Sometimes it is also gethotresults.com.....or some other things.

 

[andrew ellis]

OTL.Txt

OTL logfile created on: 9/22/2012 9:20:19 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\andrew\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.96 Gb Available Physical Memory | 74.50% Memory free
15.99 Gb Paging File | 13.81 Gb Available in Paging File | 86.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 431.28 Gb Free Space | 46.30% Space Free | Partition Type: NTFS
Drive F: | 3.79 Gb Total Space | 1.38 Gb Free Space | 36.47% Space Free | Partition Type: FAT32

Computer Name: ANDREW-PC | User Name: andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/22 09:16:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\andrew\Desktop\OTL.exe
PRC - [2012/09/06 16:05:09 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/27 21:32:54 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/08/27 09:53:56 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012/08/24 13:23:02 | 000,079,384 | ---- | M] (Google) -- C:\Users\andrew\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/08/21 02:12:30 | 006,516,280 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Setup\avast01.setup
PRC - [2012/08/21 02:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 02:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/22 11:38:46 | 000,575,448 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/06/21 05:01:58 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/06/21 05:01:56 | 000,247,768 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012/05/09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/04/12 16:44:26 | 002,154,112 | ---- | M] () -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
PRC - [2012/04/12 16:44:16 | 000,417,408 | ---- | M] () -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/12/22 02:29:50 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011/12/22 02:29:42 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/11/23 21:21:24 | 000,097,384 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
PRC - [2011/11/23 21:21:24 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2011/10/14 00:52:36 | 000,136,616 | ---- | M] () -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
PRC - [2011/09/03 18:18:30 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011/02/15 04:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2010/11/20 20:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/06 16:05:09 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/08/27 09:53:56 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012/06/12 13:46:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/12 13:46:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/10 09:39:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 09:39:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 09:39:35 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/04/12 16:44:26 | 002,154,112 | ---- | M] () -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
MOD - [2012/03/16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012/03/16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/03 18:18:30 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011/02/15 04:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011/02/15 04:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011/02/15 04:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011/02/15 04:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011/02/15 04:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011/02/15 04:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2010/07/26 21:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/08/21 15:33:16 | 001,019,328 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2012/08/21 02:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/04/05 19:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/12/22 18:27:46 | 000,490,496 | ---- | M] () [Auto | Running] -- C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe -- (Bigfoot Networks Killer Service)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/01/30 02:34:38 | 000,566,768 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlcccoms.exe -- (dlcc_device)
SRV - [2012/09/06 16:05:09 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/12 12:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/06/22 15:34:12 | 001,118,680 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/06/22 14:21:50 | 000,402,368 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/06/22 14:21:46 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2012/06/22 11:38:46 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/06/21 05:01:58 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/12 16:44:16 | 000,417,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe -- (Dyyno Launcher)
SRV - [2011/12/22 02:29:50 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/12/22 02:29:42 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/11/23 21:21:24 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2011/11/15 18:47:45 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/14 00:52:36 | 000,136,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/08/19 15:25:00 | 000,272,864 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/01/30 02:34:30 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dlcccoms.exe -- (dlcc_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/21 02:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 02:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 02:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 02:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 02:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 02:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/06/22 15:35:22 | 000,092,928 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2012/06/22 15:35:00 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012/06/22 15:29:48 | 000,341,200 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2012/06/22 14:21:48 | 000,706,776 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TFSysMon)
DRV:64bit: - [2012/06/22 14:21:48 | 000,065,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2012/06/22 14:21:48 | 000,041,968 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2012/06/22 11:39:20 | 000,085,224 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012/04/23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012/04/05 22:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 18:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2012/02/23 05:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/08 05:37:42 | 000,157,288 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Xeno7x64.sys -- (BFN7x64)
DRV:64bit: - [2011/11/08 05:37:42 | 000,031,336 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Edge7x64.sys -- (BfEdge7x64)
DRV:64bit: - [2011/09/21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/07/17 16:19:40 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/07/14 17:18:52 | 000,157,184 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/24 14:35:36 | 000,019,968 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzjoystk.sys -- (rzjoystk)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/07/26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 15:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008/07/26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008/07/26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/05/26 17:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ad...tByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=208664281
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.p...tByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=208664281
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.p...tByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=208664281
IE - HKLM\..\SearchScopes\{32F2DCA3-3B60-4A0D-BD6F-832A379F04F5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-819357944-3763746119-3816540375-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.com/
IE - HKU\S-1-5-21-819357944-3763746119-3816540375-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-819357944-3763746119-3816540375-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-819357944-3763746119-3816540375-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 E8 F7 21 BE 9C CC 01 [binary data]
IE - HKU\S-1-5-21-819357944-3763746119-3816540375-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-819357944-3763746119-3816540375-1000\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-819357944-3763746119-3816540375-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-819357944-3763746119-3816540375-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.p...tByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=208664281
IE - HKU\S-1-5-21-819357944-3763746119-3816540375-1000\..\SearchScopes\{69F0DE43-ACDE-0031-36C1-19D81051F864}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=a0079d0f-08c4-11e1-b93d-bcaec538f50d&q={searchTerms}
IE - HKU\S-1-5-21-819357944-3763746119-3816540375-1000\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q...dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1606
IE - HKU\S-1-5-21-819357944-3763746119-3816540375-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-819357944-3763746119-3816540375-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://start.funmoods.com/?f=1&a=ad...tByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=208664281"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.defaultenginename: "Search"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\andrew\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\andrew\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\andrew\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\andrew\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/09/14 15:43:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/22 09:17:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/06 16:05:09 | 000,000,000 | ---D | M]

 

[andrew ellis]

[2011/09/03 18:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andrew\AppData\Roaming\Mozilla\Extensions
[2011/09/03 18:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andrew\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/09/07 01:09:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\lmvcb3bl.default\extensions
[2012/09/01 00:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\lmvcb3bl.default\extensions\staged
[2012/09/12 08:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\piwh3j3b.default\extensions
[2012/09/01 00:12:24 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\piwh3j3b.default\extensions\plugin@vfd.com
[2012/09/01 00:12:36 | 000,000,783 | ---- | M] () -- C:\Users\andrew\AppData\Roaming\Mozilla\Firefox\Profiles\lmvcb3bl.default\searchplugins\Search.xml
[2012/09/06 16:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/06 16:05:09 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/30 10:54:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/30 10:54:19 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/21 10:41:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-819357944-3763746119-3816540375-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [DLCCCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\DLCCtime.DLL ()
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-819357944-3763746119-3816540375-1000..\Run: [Dyyno Launcher] C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe ()
O4 - HKU\S-1-5-21-819357944-3763746119-3816540375-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-819357944-3763746119-3816540375-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-819357944-3763746119-3816540375-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-819357944-3763746119-3816540375-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-819357944-3763746119-3816540375-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-819357944-3763746119-3816540375-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-819357944-3763746119-3816540375-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-819357944-3763746119-3816540375-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F2DAEC8-978E-44C1-9489-A0F6F82A5F94}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/11 13:35:34 | 000,000,109 | ---- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/22 09:17:30 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/09/22 09:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/09/22 09:17:29 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/09/22 09:17:25 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/09/22 09:17:24 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/09/22 09:17:21 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/09/22 09:17:18 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/09/22 09:17:17 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/09/22 09:17:05 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/09/22 09:17:03 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/09/22 09:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/09/22 09:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/22 09:16:45 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\andrew\Desktop\OTL.exe
[2012/09/22 09:08:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/21 21:27:12 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/21 21:22:32 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/21 21:21:57 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\Threat Expert
[2012/09/21 20:59:37 | 004,754,243 | R--- | C] (Swearware) -- C:\Users\andrew\Desktop\ComboFix.exe
[2012/09/21 19:48:40 | 000,000,000 | ---D | C] -- C:\Users\andrew\Desktop\RK_Quarantine
[2012/09/21 19:16:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/21 19:05:31 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\jZip
[2012/09/21 19:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
[2012/09/21 19:04:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip
[2012/09/21 13:03:10 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\ts3overlay
[2012/09/21 13:02:08 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\TS3Client
[2012/09/21 13:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012/09/21 13:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012/09/21 12:24:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\andrew\Desktop\dds.com
[2012/09/21 11:25:36 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Malwarebytes
[2012/09/21 11:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/21 11:25:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/21 11:25:28 | 000,000,000 | ---D | C] -- C:\Users\andrew\Desktop\Malwarebytes' Anti-Malware
[2012/09/21 11:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/21 10:38:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/21 10:28:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/21 10:28:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/21 10:28:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/21 09:50:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/21 09:50:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/21 01:53:39 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012/09/21 01:53:38 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/09/21 01:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/09/20 10:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/09/20 10:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/09/20 10:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/09/19 21:13:44 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\{DDEC9E07-FCEE-4EFA-99B6-56060B198DF6}
[2012/09/19 21:13:30 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Windows Live Writer
[2012/09/19 21:13:30 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\Windows Live Writer
[2012/09/19 21:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2012/09/19 16:25:46 | 000,000,000 | ---D | C] -- C:\Users\andrew\Desktop\Unemployment
[2012/09/17 15:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/17 15:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/17 15:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/17 15:32:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/09/17 15:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/09/14 15:59:34 | 000,706,776 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2012/09/14 15:59:34 | 000,065,664 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2012/09/14 15:59:34 | 000,041,968 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2012/09/14 15:43:54 | 000,085,224 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012/09/14 15:43:53 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/09/14 15:43:53 | 001,689,560 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/09/14 15:43:53 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/09/14 15:43:08 | 000,341,200 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/09/14 15:43:08 | 000,145,464 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/09/14 15:43:04 | 000,014,808 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012/09/14 15:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/09/14 15:43:02 | 000,092,928 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/09/14 15:41:07 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/09/14 15:41:07 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/09/14 15:41:05 | 000,426,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/09/14 15:41:03 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/09/14 15:41:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/09/14 15:41:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/09/14 15:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/09/14 15:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/09/14 15:40:50 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\TestApp
[2012/09/06 16:05:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/04 14:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2012/09/04 14:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2012/09/01 00:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Amazon
[2012/09/01 00:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/09/01 00:38:27 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012/09/01 00:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMPlayer
[2012/09/01 00:13:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SMPlayer
[2011/10/22 04:06:32 | 000,231,600 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps32.dll
[2011/10/22 04:06:32 | 000,185,520 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dll
[2011/10/22 04:06:32 | 000,068,272 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dat
[2011/10/22 04:06:30 | 002,533,040 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps.exe
[2011/10/22 04:04:34 | 000,140,288 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\frapslcd.dll
[3 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/22 09:21:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-819357944-3763746119-3816540375-1000UA.job
[2012/09/22 09:20:01 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/22 09:20:01 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/22 09:17:30 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/22 09:17:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/09/22 09:16:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\andrew\Desktop\OTL.exe
[2012/09/22 09:12:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/22 09:12:04 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/22 09:10:32 | 001,725,467 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/09/21 20:59:43 | 004,754,243 | R--- | M] (Swearware) -- C:\Users\andrew\Desktop\ComboFix.exe
[2012/09/21 20:21:19 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-819357944-3763746119-3816540375-1000Core.job
[2012/09/21 20:20:58 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/21 20:20:58 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/21 20:20:58 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/21 19:05:04 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\jZip.lnk
[2012/09/21 13:01:56 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012/09/21 12:24:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\andrew\Desktop\dds.com
[2012/09/21 10:41:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/20 22:25:29 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2012/09/19 22:04:29 | 000,002,208 | ---- | M] () -- C:\{33D9039A-2387-4282-BEF0-98C2E142553B}
[2012/09/19 16:51:27 | 000,000,221 | ---- | M] () -- C:\Users\andrew\Desktop\Torchlight.url
[2012/09/19 16:51:15 | 000,000,222 | ---- | M] () -- C:\Users\andrew\Desktop\Torchlight II.url
[2012/09/18 09:01:04 | 001,519,212 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Cat.DB
[2012/09/17 15:33:00 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/07 10:20:24 | 000,176,130 | ---- | M] () -- C:\Users\andrew\Desktop\Unemployment.xps
[2012/09/01 00:39:01 | 000,002,026 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
[2012/09/01 00:39:01 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Unbox.lnk
[2012/09/01 00:13:03 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\SMPlayer.lnk
[2012/08/24 09:57:07 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\VT20120731.038
[3 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/22 09:17:30 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/22 09:17:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/09/21 19:05:04 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\jZip.lnk
[2012/09/21 13:01:55 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012/09/21 10:28:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/21 10:28:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/21 10:28:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/21 10:28:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/21 10:28:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/20 22:25:29 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2012/09/19 22:04:28 | 000,002,208 | ---- | C] () -- C:\{33D9039A-2387-4282-BEF0-98C2E142553B}
[2012/09/19 16:51:27 | 000,000,221 | ---- | C] () -- C:\Users\andrew\Desktop\Torchlight.url
[2012/09/19 16:51:15 | 000,000,222 | ---- | C] () -- C:\Users\andrew\Desktop\Torchlight II.url
[2012/09/17 15:32:59 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/14 15:43:54 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/09/14 15:43:54 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/09/14 15:43:53 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/09/14 15:43:53 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/09/14 15:43:53 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/09/14 15:41:10 | 001,725,467 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/09/07 10:20:20 | 000,176,130 | ---- | C] () -- C:\Users\andrew\Desktop\Unemployment.xps
[2012/09/01 00:39:01 | 000,002,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
[2012/09/01 00:39:01 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Unbox.lnk
[2012/09/01 00:13:02 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\SMPlayer.lnk
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/14 19:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 19:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/18 11:59:51 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/01/17 17:09:38 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/28 12:53:03 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/11/27 03:02:15 | 000,000,032 | ---- | C] () -- C:\Users\andrew\jagex_cl_runescape_LIVE.dat
[2011/11/17 10:58:02 | 000,126,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/10/22 03:48:54 | 000,001,905 | ---- | C] () -- C:\Program Files (x86)\README.HTM
[2011/09/30 18:59:44 | 000,000,129 | ---- | C] () -- C:\Users\andrew\jagex_runescape_preferences2.dat
[2011/09/30 18:57:53 | 000,000,035 | ---- | C] () -- C:\Users\andrew\jagex_runescape_preferences.dat
[2011/09/19 08:15:58 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/09/16 12:54:55 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/16 12:54:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/12 17:58:18 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlccserv.dll
[2011/05/12 17:58:18 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\dlccusb1.dll
[2011/05/12 17:58:18 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlccpmui.dll
[2011/05/12 17:58:18 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcclmpm.dll
[2011/05/12 17:58:18 | 000,434,176 | ---- | C] () -- C:\Windows\SysWow64\dlccutil.dll
[2011/05/12 17:58:18 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlccinpa.dll
[2011/05/12 17:58:18 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcciesc.dll
[2011/05/12 17:58:18 | 000,386,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dlccih.exe
[2011/05/12 17:58:18 | 000,323,584 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcchcp.dll
[2011/05/12 17:58:18 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\dlccinst.dll
[2011/05/12 17:58:18 | 000,181,744 | ---- | C] ( ) -- C:\Windows\SysWow64\dlccppls.exe
[2011/05/12 17:58:18 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlccinsb.dll
[2011/05/12 17:58:18 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlccprox.dll
[2011/05/12 17:58:18 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\dlccins.dll
[2011/05/12 17:58:18 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\dlccjswr.dll
[2011/05/12 17:58:18 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dlccinsr.dll
[2011/05/12 17:58:18 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlccpplc.dll
[2011/05/12 17:58:18 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dlcccub.dll
[2011/05/12 17:58:18 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dlcccu.dll
[2011/05/12 17:58:18 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dlcccur.dll
[2011/05/12 17:58:17 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcchbn3.dll
[2011/05/12 17:58:17 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcccomc.dll
[2011/05/12 17:58:17 | 000,538,096 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcccoms.exe
[2011/05/12 17:58:17 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcccomm.dll
[2011/05/12 17:58:17 | 000,382,448 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcccfg.exe
[2011/05/12 17:58:17 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\dlcccfg.dll
[2011/04/26 18:37:43 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/04/13 19:44:02 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/04/13 17:11:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2012/05/14 11:25:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LolClient
[2011/04/28 18:15:21 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Acreon
[2011/12/18 18:09:01 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Advanced Combat Tracker
[2011/09/24 16:31:30 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Electronic Arts
[2012/08/20 11:58:18 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\ID Vault
[2012/08/03 21:51:29 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Leadertech
[2011/11/06 22:08:58 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\LolClient
[2012/06/01 12:50:04 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\LolClient2
[2012/09/08 17:43:07 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Mumble
[2012/03/01 23:11:24 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Need for Speed World
[2011/11/07 22:46:40 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Origin
[2012/05/09 19:05:18 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\RIFT
[2011/08/10 21:18:14 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\runic games
[2012/06/11 14:57:25 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\SplitMediaLabs
[2011/11/06 12:55:08 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\StreamTorrent
[2012/08/11 02:44:15 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Tahic
[2012/03/30 09:30:38 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\TeraCopy
[2012/09/14 15:40:50 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\TestApp
[2011/09/03 18:13:47 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\TomTom
[2012/09/21 13:27:18 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\TS3Client
[2012/09/21 13:06:50 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\ts3overlay
[2012/08/11 11:25:43 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Waopku
[2012/09/19 21:13:30 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Windows Live Writer
[2012/08/29 15:37:23 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >