Solved Infected svchost.exe

Broni

Malware Annihilator
Restart in safe mode.
Combofix created a restore point at around 15:12 (3:12 PM) today.
Use it.

When the process is complete start in normal mode and let me know how things are.
 

Ryan O'Brien

TS Rookie
Ran this in normal mode btw

MBAM log:


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.21.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nub :: RYAN-PC [administrator]

Protection: Enabled

7/21/2012 6:47:06 PM
mbam-log-2012-07-21 (18-57-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235308
Time elapsed: 10 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)
 

Broni

Malware Annihilator
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 

Ryan O'Brien

TS Rookie
Part 1

 

19:07:37.0078 4980 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:07:37.0080 4980 Netlogon - ok
19:07:37.0135 4980 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:07:37.0145 4980 Netman - ok
19:07:37.0233 4980 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:07:37.0246 4980 NetMsmqActivator - ok
19:07:37.0249 4980 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:07:37.0251 4980 NetPipeActivator - ok
19:07:37.0279 4980 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:07:37.0283 4980 netprofm - ok
19:07:37.0286 4980 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:07:37.0288 4980 NetTcpActivator - ok
19:07:37.0291 4980 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:07:37.0292 4980 NetTcpPortSharing - ok
19:07:37.0315 4980 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
19:07:37.0324 4980 nfrd960 - ok
19:07:37.0359 4980 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:07:37.0369 4980 NlaSvc - ok
19:07:37.0378 4980 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:07:37.0390 4980 Npfs - ok
19:07:37.0393 4980 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:07:37.0400 4980 nsi - ok
19:07:37.0411 4980 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:07:37.0422 4980 nsiproxy - ok
19:07:37.0500 4980 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:07:37.0543 4980 Ntfs - ok
19:07:37.0605 4980 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:07:37.0613 4980 Null - ok
19:07:37.0634 4980 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:07:37.0649 4980 nvraid - ok
19:07:37.0667 4980 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:07:37.0679 4980 nvstor - ok
19:07:37.0694 4980 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:07:37.0707 4980 nv_agp - ok
19:07:37.0720 4980 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:07:37.0733 4980 ohci1394 - ok
19:07:37.0816 4980 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:07:37.0834 4980 ose - ok
19:07:38.0220 4980 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:07:38.0374 4980 osppsvc - ok
19:07:38.0451 4980 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:07:38.0461 4980 p2pimsvc - ok
19:07:38.0490 4980 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:07:38.0508 4980 p2psvc - ok
19:07:38.0539 4980 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
19:07:38.0552 4980 Parport - ok
19:07:38.0578 4980 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:07:38.0589 4980 partmgr - ok
19:07:38.0608 4980 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:07:38.0617 4980 PcaSvc - ok
19:07:38.0637 4980 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:07:38.0638 4980 pci - ok
19:07:38.0648 4980 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:07:38.0656 4980 pciide - ok
19:07:38.0680 4980 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
19:07:38.0695 4980 pcmcia - ok
19:07:38.0710 4980 PCTBD (bb0d5cc3474367a918f463366742afe9) C:\Windows\system32\Drivers\PCTBD64.sys
19:07:38.0721 4980 PCTBD - ok
19:07:38.0783 4980 PCTCore (876fd95b7a3b7fe6179fbd16e7a6486c) C:\Windows\system32\drivers\PCTCore64.sys
19:07:38.0805 4980 PCTCore - ok
19:07:38.0855 4980 pctDS (ba1f42a42f405f62ceff6b69a2797f7c) C:\Windows\system32\drivers\pctDS64.sys
19:07:38.0874 4980 pctDS - ok
19:07:38.0939 4980 pctEFA (146cc91c93ced13e7fe40e8d8615be39) C:\Windows\system32\drivers\pctEFA64.sys
19:07:38.0969 4980 pctEFA - ok
19:07:39.0008 4980 PCTSD (577f20ebf1e42bebb238e2412b99c7ee) C:\Windows\system32\Drivers\PCTSD64.sys
19:07:39.0024 4980 PCTSD - ok
19:07:39.0040 4980 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:07:39.0051 4980 pcw - ok
19:07:39.0090 4980 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:07:39.0114 4980 PEAUTH - ok
19:07:39.0173 4980 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:07:39.0188 4980 PerfHost - ok
19:07:39.0310 4980 PinnacleUpdateSvc (0015113a604b94769ab5159e8dcfc6e6) C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
19:07:39.0357 4980 PinnacleUpdateSvc - ok
19:07:39.0476 4980 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:07:39.0509 4980 pla - ok
19:07:39.0570 4980 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:07:39.0588 4980 PlugPlay - ok
19:07:39.0668 4980 PMBDeviceInfoProvider (ae6c778717de2f6b0c0b5335036d3363) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
19:07:39.0720 4980 PMBDeviceInfoProvider - ok
19:07:39.0771 4980 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
19:07:39.0780 4980 Pml Driver HPZ12 - ok
19:07:39.0801 4980 PnkBstrA - ok
19:07:39.0806 4980 PnkBstrB - ok
19:07:39.0828 4980 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:07:39.0836 4980 PNRPAutoReg - ok
19:07:39.0851 4980 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:07:39.0854 4980 PNRPsvc - ok
19:07:40.0008 4980 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
19:07:40.0038 4980 Point64 - ok
19:07:40.0079 4980 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:07:40.0094 4980 PolicyAgent - ok
19:07:40.0127 4980 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:07:40.0136 4980 Power - ok
19:07:40.0172 4980 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:07:40.0185 4980 PptpMiniport - ok
19:07:40.0208 4980 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
19:07:40.0218 4980 Processor - ok
19:07:40.0260 4980 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:07:40.0269 4980 ProfSvc - ok
19:07:40.0286 4980 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:07:40.0288 4980 ProtectedStorage - ok
19:07:40.0323 4980 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:07:40.0339 4980 Psched - ok
19:07:40.0451 4980 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
19:07:40.0489 4980 ql2300 - ok
19:07:40.0584 4980 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
19:07:40.0593 4980 ql40xx - ok
19:07:40.0624 4980 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:07:40.0636 4980 QWAVE - ok
19:07:40.0647 4980 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:07:40.0659 4980 QWAVEdrv - ok
19:07:40.0673 4980 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:07:40.0682 4980 RasAcd - ok
19:07:40.0717 4980 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:07:40.0729 4980 RasAgileVpn - ok
19:07:40.0735 4980 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:07:40.0746 4980 RasAuto - ok
19:07:40.0762 4980 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:07:40.0775 4980 Rasl2tp - ok
19:07:40.0803 4980 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:07:40.0824 4980 RasMan - ok
19:07:40.0851 4980 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:07:40.0864 4980 RasPppoe - ok
19:07:40.0893 4980 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:07:40.0905 4980 RasSstp - ok
19:07:40.0925 4980 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:07:40.0950 4980 rdbss - ok
19:07:40.0968 4980 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
19:07:40.0978 4980 rdpbus - ok
19:07:40.0991 4980 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:07:40.0999 4980 RDPCDD - ok
19:07:41.0036 4980 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:07:41.0043 4980 RDPENCDD - ok
19:07:41.0050 4980 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:07:41.0058 4980 RDPREFMP - ok
19:07:41.0095 4980 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
 

Ryan O'Brien

TS Rookie
19:07:41.0110 4980 RDPWD - ok
19:07:41.0133 4980 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:07:41.0150 4980 rdyboost - ok
19:07:41.0166 4980 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:07:41.0176 4980 RemoteAccess - ok
19:07:41.0193 4980 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:07:41.0204 4980 RemoteRegistry - ok
19:07:41.0264 4980 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
19:07:41.0273 4980 Revoflt - ok
19:07:41.0303 4980 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:07:41.0311 4980 RpcEptMapper - ok
19:07:41.0330 4980 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:07:41.0339 4980 RpcLocator - ok
19:07:41.0368 4980 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:07:41.0372 4980 RpcSs - ok
19:07:41.0378 4980 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:07:41.0391 4980 rspndr - ok
19:07:41.0419 4980 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:07:41.0421 4980 SamSs - ok
19:07:41.0437 4980 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:07:41.0447 4980 sbp2port - ok
19:07:41.0466 4980 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:07:41.0478 4980 SCardSvr - ok
19:07:41.0510 4980 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:07:41.0519 4980 scfilter - ok
19:07:41.0574 4980 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:07:41.0616 4980 Schedule - ok
19:07:41.0633 4980 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:07:41.0635 4980 SCPolicySvc - ok
19:07:41.0752 4980 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
19:07:41.0771 4980 sdAuxService - ok
19:07:41.0832 4980 sdCoreService (44323c0bcbffa66a7a90e93f5d027999) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
19:07:41.0855 4980 sdCoreService - ok
19:07:41.0924 4980 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:07:41.0936 4980 SDRSVC - ok
19:07:41.0971 4980 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:07:41.0990 4980 SeaPort - ok
19:07:42.0034 4980 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:07:42.0043 4980 secdrv - ok
19:07:42.0050 4980 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:07:42.0058 4980 seclogon - ok
19:07:42.0072 4980 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:07:42.0081 4980 SENS - ok
19:07:42.0110 4980 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:07:42.0118 4980 SensrSvc - ok
19:07:42.0130 4980 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
19:07:42.0140 4980 Serenum - ok
19:07:42.0146 4980 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
19:07:42.0159 4980 Serial - ok
19:07:42.0163 4980 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:07:42.0174 4980 sermouse - ok
19:07:42.0194 4980 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:07:42.0204 4980 SessionEnv - ok
19:07:42.0207 4980 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:07:42.0215 4980 sffdisk - ok
19:07:42.0218 4980 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:07:42.0226 4980 sffp_mmc - ok
19:07:42.0229 4980 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:07:42.0238 4980 sffp_sd - ok
19:07:42.0241 4980 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:07:42.0249 4980 sfloppy - ok
19:07:42.0312 4980 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
19:07:42.0339 4980 Sftfs - ok
19:07:42.0422 4980 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:07:42.0460 4980 sftlist - ok
19:07:42.0478 4980 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:07:42.0490 4980 Sftplay - ok
19:07:42.0497 4980 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:07:42.0505 4980 Sftredir - ok
19:07:42.0519 4980 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
19:07:42.0527 4980 Sftvol - ok
19:07:42.0548 4980 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:07:42.0577 4980 sftvsa - ok
19:07:42.0614 4980 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:07:42.0633 4980 SharedAccess - ok
19:07:42.0662 4980 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:07:42.0680 4980 ShellHWDetection - ok
19:07:42.0700 4980 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:07:42.0709 4980 SiSRaid2 - ok
19:07:42.0715 4980 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:07:42.0724 4980 SiSRaid4 - ok
19:07:42.0975 4980 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:07:43.0270 4980 Skype C2C Service - ok
19:07:43.0344 4980 SkypeUpdate (8c5477eb1c03ca76cd8eb66a610a9e90) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:07:43.0625 4980 SkypeUpdate - ok
19:07:43.0711 4980 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:07:43.0724 4980 Smb - ok
19:07:43.0759 4980 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:07:43.0768 4980 SNMPTRAP - ok
19:07:43.0775 4980 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:07:43.0783 4980 spldr - ok
19:07:43.0815 4980 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:07:43.0831 4980 Spooler - ok
19:07:43.0980 4980 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:07:44.0118 4980 sppsvc - ok
19:07:44.0152 4980 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:07:44.0161 4980 sppuinotify - ok
19:07:44.0201 4980 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:07:44.0223 4980 srv - ok
19:07:44.0249 4980 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:07:44.0274 4980 srv2 - ok
19:07:44.0290 4980 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:07:44.0302 4980 srvnet - ok
19:07:44.0337 4980 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:07:44.0349 4980 SSDPSRV - ok
19:07:44.0361 4980 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:07:44.0371 4980 SstpSvc - ok
19:07:44.0448 4980 Steam Client Service - ok
19:07:44.0476 4980 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:07:44.0484 4980 stexstor - ok
19:07:44.0539 4980 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:07:44.0571 4980 stisvc - ok
19:07:44.0576 4980 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:07:44.0584 4980 swenum - ok
19:07:44.0612 4980 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:07:44.0628 4980 swprv - ok
19:07:44.0709 4980 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:07:44.0731 4980 SysMain - ok
19:07:44.0800 4980 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:07:44.0810 4980 TabletInputService - ok
19:07:44.0837 4980 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:07:44.0858 4980 TapiSrv - ok
19:07:44.0872 4980 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:07:44.0881 4980 TBS - ok
19:07:45.0014 4980 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:07:45.0131 4980 Tcpip - ok
19:07:45.0260 4980 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:07:45.0270 4980 TCPIP6 - ok
19:07:45.0327 4980 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:07:45.0339 4980 tcpipreg - ok
19:07:45.0348 4980 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:07:45.0357 4980 TDPIPE - ok
19:07:45.0390 4980 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:07:45.0401 4980 TDTCP - ok
19:07:45.0434 4980 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:07:45.0446 4980 tdx - ok
19:07:45.0457 4980 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:07:45.0466 4980 TermDD - ok
19:07:45.0509 4980 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:07:45.0521 4980 TermService - ok
19:07:45.0535 4980 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:07:45.0543 4980 Themes - ok
19:07:45.0556 4980 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:07:45.0557 4980 THREADORDER - ok
19:07:45.0606 4980 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys
19:07:45.0616 4980 tmactmon - ok
19:07:45.0638 4980 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys
19:07:45.0652 4980 tmcomm - ok
19:07:45.0671 4980 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys
19:07:45.0680 4980 tmevtmgr - ok
19:07:45.0715 4980 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys
19:07:45.0726 4980 tmtdi - ok
19:07:45.0741 4980 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:07:45.0749 4980 TrkWks - ok
19:07:45.0788 4980 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:07:45.0801 4980 TrustedInstaller - ok
19:07:45.0809 4980 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:07:45.0822 4980 tssecsrv - ok
19:07:45.0846 4980 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:07:45.0856 4980 TsUsbFlt - ok
19:07:45.0860 4980 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
19:07:45.0869 4980 TsUsbGD - ok
19:07:45.0904 4980 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:07:45.0919 4980 tunnel - ok
19:07:45.0924 4980 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
19:07:45.0935 4980 uagp35 - ok
19:07:45.0958 4980 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:07:45.0973 4980 udfs - ok
19:07:45.0981 4980 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:07:45.0992 4980 UI0Detect - ok
19:07:45.0997 4980 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:07:46.0007 4980 uliagpkx - ok
19:07:46.0023 4980 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:07:46.0032 4980 umbus - ok
19:07:46.0035 4980 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:07:46.0043 4980 UmPass - ok
19:07:46.0076 4980 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:07:46.0097 4980 upnphost - ok
19:07:46.0146 4980 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:07:46.0158 4980 usbaudio - ok
19:07:46.0177 4980 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:07:46.0189 4980 usbccgp - ok
19:07:46.0208 4980 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:07:46.0219 4980 usbcir - ok
19:07:46.0243 4980 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:07:46.0254 4980 usbehci - ok
19:07:46.0290 4980 UsbFltr (68bad03835873d4bbbde95cbb135a395) C:\Windows\system32\Drivers\UsbFltr.sys
19:07:46.0297 4980 UsbFltr - ok
19:07:46.0325 4980 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:07:46.0344 4980 usbhub - ok
19:07:46.0358 4980 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
19:07:46.0368 4980 usbohci - ok
19:07:46.0381 4980 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
19:07:46.0392 4980 usbprint - ok
19:07:46.0404 4980 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:07:46.0417 4980 USBSTOR - ok
19:07:46.0426 4980 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:07:46.0436 4980 usbuhci - ok
19:07:46.0477 4980 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
19:07:46.0492 4980 usbvideo - ok
19:07:46.0502 4980 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:07:46.0510 4980 UxSms - ok
19:07:46.0527 4980 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:07:46.0529 4980 VaultSvc - ok
19:07:46.0559 4980 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:07:46.0568 4980 vdrvroot - ok
19:07:46.0601 4980 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:07:46.0629 4980 vds - ok
19:07:46.0633 4980 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:07:46.0644 4980 vga - ok
19:07:46.0658 4980 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:07:46.0669 4980 VgaSave - ok
19:07:46.0680 4980 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:07:46.0694 4980 vhdmp - ok
19:07:46.0816 4980 VIAHdAudAddService (84ffc3cca60a1b52a021bc894d529735) C:\Windows\system32\drivers\viahduaa.sys
19:07:46.0897 4980 VIAHdAudAddService - ok
19:07:46.0961 4980 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:07:46.0970 4980 viaide - ok
19:07:46.0977 4980 VIAKaraokeService (f4310278e6ce1c507b5555b662369e26) C:\Windows\system32\viakaraokesrv.exe
19:07:46.0986 4980 VIAKaraokeService - ok
19:07:46.0994 4980 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:07:47.0004 4980 volmgr - ok
19:07:47.0029 4980 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:07:47.0052 4980 volmgrx - ok
19:07:47.0079 4980 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
19:07:47.0098 4980 volsnap - ok
19:07:47.0115 4980 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:07:47.0126 4980 vsmraid - ok
19:07:47.0201 4980 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:07:47.0240 4980 VSS - ok
19:07:47.0299 4980 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:07:47.0308 4980 vwifibus - ok
19:07:47.0335 4980 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:07:47.0345 4980 W32Time - ok
19:07:47.0351 4980 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
 

Ryan O'Brien

TS Rookie
19:07:51.0141 4980 ============================================================
19:07:51.0141 4980 Scan finished
19:07:51.0141 4980 ============================================================
19:07:51.0150 1744 Detected object count: 0
19:07:51.0150 1744 Actual detected object count: 0
 

Broni

Malware Annihilator
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 

Ryan O'Brien

TS Rookie
RogueKiller log info


RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Nub [Admin rights]
Mode: Scan -- Date: 07/21/2012 19:18:14

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 13 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : 2K Games (rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : 2K Games (rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : 2K Games (rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : 2K Games (rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-2463314201-2541101053-2832014611-1006[...]\Run : 2K Games (rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-18[...]\Run : 2K Games (rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance) -> FOUND
[SUSP PATH] Best Buy pc app.lnk Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[SUSP PATH] Best Buy pc app.lnk Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[SCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\LIVING~1.SCR) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EALX-229BA0 ATA Device +++++
--- User ---
[MBR] 350720ab0f3de94caa18596bfeeda8e6
[BSP] 2fba84096da516bd12cdc8f0abb8703a : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 2048 | Size: 14524 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29747200 | Size: 381546 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 811153408 | Size: 557797 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
 

Ryan O'Brien

TS Rookie
sorry it took forever to scan. rofl

aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-21 14:20:38
-----------------------------
14:20:38.173 OS Version: Windows x64 6.1.7601 Service Pack 1
14:20:38.173 Number of processors: 4 586 0x100
14:20:38.173 ComputerName: RYAN-PC UserName: Nub
14:20:38.973 Initialize success
14:21:23.355 AVAST engine defs: 12072100
14:21:27.831 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:21:27.835 Disk 0 Vendor: WDC_WD10EALX-229BA0 15.01H15 Size: 953869MB BusType: 3
14:21:27.848 Disk 0 MBR read successfully
14:21:27.851 Disk 0 MBR scan
14:21:27.855 Disk 0 Windows 7 default MBR code
14:21:27.858 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 14524 MB offset 2048
14:21:27.867 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 381546 MB offset 29747200
14:21:27.889 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 557797 MB offset 811153408
14:21:27.915 Disk 0 scanning C:\Windows\system32\drivers
14:21:34.329 Service scanning
14:21:51.184 Modules scanning
14:21:51.192 Disk 0 trace - called modules:
14:21:51.206 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:21:51.211 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007471060]
14:21:51.216 3 CLASSPNP.SYS[fffff880019c343f] -> nt!IofCallDriver -> [0xfffffa800705a520]
14:21:51.222 5 ACPI.sys[fffff88000f2d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007095060]
14:21:52.220 AVAST engine scan C:\Windows
14:21:54.297 AVAST engine scan C:\Windows\system32
14:23:59.773 AVAST engine scan C:\Windows\system32\drivers
14:24:06.690 AVAST engine scan C:\Users\Nub
14:31:28.613 AVAST engine scan C:\ProgramData
14:33:56.917 Scan finished successfully
14:34:22.683 Disk 0 MBR has been saved successfully to "C:\Users\Nub\Documents\MBR.dat"
14:34:22.696 The log file has been saved successfully to "C:\Users\Nub\Documents\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-21 19:20:35
-----------------------------
19:20:35.343 OS Version: Windows x64 6.1.7601 Service Pack 1
19:20:35.343 Number of processors: 4 586 0x100
19:20:35.344 ComputerName: RYAN-PC UserName: Nub
19:20:36.578 Initialize success
19:21:12.951 AVAST engine defs: 12072101
19:21:26.517 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:21:26.518 Disk 0 Vendor: WDC_WD10EALX-229BA0 15.01H15 Size: 953869MB BusType: 3
19:21:26.529 Disk 0 MBR read successfully
19:21:26.530 Disk 0 MBR scan
19:21:26.536 Disk 0 Windows 7 default MBR code
19:21:26.539 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 14524 MB offset 2048
19:21:26.555 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 381546 MB offset 29747200
19:21:26.577 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 557797 MB offset 811153408
19:21:26.606 Disk 0 scanning C:\Windows\system32\drivers
19:21:37.228 Service scanning
19:21:58.052 Modules scanning
19:21:58.058 Disk 0 trace - called modules:
19:21:58.076 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:21:58.081 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80074c8060]
19:21:58.085 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8007311860]
19:21:58.088 5 PCTCore64.sys[fffff880010af720] -> nt!IofCallDriver -> [0xfffffa8007231520]
19:21:58.092 7 ACPI.sys[fffff88000f4a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80070eb060]
19:21:59.533 AVAST engine scan C:\Windows
19:22:03.058 AVAST engine scan C:\Windows\system32
19:25:54.598 AVAST engine scan C:\Windows\system32\drivers
19:26:07.564 AVAST engine scan C:\Users\Nub
19:52:56.753 AVAST engine scan C:\ProgramData
20:04:13.967 Scan finished successfully
20:08:26.804 Disk 0 MBR has been saved successfully to "C:\Users\Nub\Documents\MBR.dat"
20:08:26.810 The log file has been saved successfully to "C:\Users\Nub\Documents\aswMBR.txt"
 

Broni

Malware Annihilator
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Ryan O'Brien

TS Rookie
Ran in normal mode
Combofix log:

ComboFix 12-07-21.01 - Nub 07/21/2012 21:18:49.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7675.5593 [GMT -4:00]
Running from: c:\users\Nub\Downloads\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Titanium *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Titanium *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\intellidownload\gunzip.exe
c:\users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-20 19:27 . 2012-07-20 23:47 -------- d-----w- c:\users\Me
2012-07-19 21:45 . 2012-07-19 21:45 -------- d-----w- c:\program files (x86)\Smart Install Maker
2012-07-17 02:28 . 2012-07-21 22:40 -------- d-----w- c:\program files (x86)\RegistryNuke 2012
2012-07-16 19:58 . 2012-07-16 19:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-16 02:36 . 2012-07-16 02:36 -------- d-----w- c:\users\Nub\AppData\Roaming\Malwarebytes
2012-07-16 02:36 . 2012-07-16 02:36 -------- d-----w- c:\programdata\Malwarebytes
2012-07-16 02:36 . 2012-07-16 02:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-16 02:36 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-16 00:37 . 2012-06-14 16:31 85224 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-07-16 00:37 . 2012-06-14 16:31 767960 ----a-w- c:\windows\BDTSupport.dll
2012-07-16 00:37 . 2012-06-14 16:31 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-07-16 00:37 . 2012-06-14 16:31 1681368 ----a-w- c:\windows\PCTBDRes.dll
2012-07-16 00:37 . 2012-06-14 16:31 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-07-16 00:36 . 2012-05-11 15:09 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-07-16 00:36 . 2012-05-11 15:08 341168 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-07-16 00:36 . 2012-05-11 15:13 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-07-16 00:36 . 2012-05-11 15:14 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-07-16 00:36 . 2012-07-21 22:40 -------- d-----w- c:\program files (x86)\PC Tools
2012-07-16 00:33 . 2012-02-28 15:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-07-16 00:33 . 2012-02-28 15:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-07-16 00:33 . 2012-04-23 16:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-07-16 00:33 . 2012-07-21 22:40 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-16 00:33 . 2012-05-11 15:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-07-16 00:33 . 2012-07-21 22:40 -------- d-----w- c:\programdata\PC Tools
2012-07-16 00:33 . 2012-07-16 00:33 -------- d-----w- c:\users\Nub\AppData\Roaming\TestApp
2012-07-15 14:53 . 2012-07-15 18:15 -------- d-----w- c:\program files (x86)\German Truck Simulator
2012-07-15 14:32 . 2012-07-15 14:32 -------- d-----w- c:\users\Nub\AppData\Local\CRE
2012-07-15 14:31 . 2012-07-15 14:31 -------- d-----w- c:\program files (x86)\uTorrentControl3
2012-07-15 14:30 . 2012-07-16 03:24 -------- d-----w- c:\users\Nub\AppData\Roaming\uTorrent
2012-07-13 03:32 . 2012-07-22 01:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps
2012-07-12 18:53 . 2012-07-19 18:21 -------- d-----w- c:\users\Nub\AppData\Local\CrashDumps
2012-07-12 15:08 . 2012-07-12 15:08 -------- d-----w- c:\users\Nub\AppData\Roaming\TechSmith
2012-07-12 15:07 . 2012-07-12 15:07 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2012-07-12 15:07 . 2012-07-12 15:07 -------- d-----w- c:\programdata\TechSmith
2012-07-12 15:07 . 2012-07-12 15:07 -------- d-----w- c:\program files (x86)\TechSmith
2012-07-12 03:38 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 15:19 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-09 23:35 . 2012-07-10 17:44 -------- d-----w- C:\Adobe Photoshop CS6
2012-07-09 20:26 . 2012-07-22 01:26 -------- d-----w- c:\program files (x86)\intellidownload
2012-07-09 02:10 . 2012-07-21 22:40 -------- d-----w- C:\AdobePhotoshopCS6Portable
2012-07-09 01:35 . 2012-07-09 01:35 -------- d-----w- c:\programdata\ATI
2012-07-09 01:35 . 2012-07-09 01:35 -------- d-----w- c:\program files (x86)\AMD AVT
2012-07-09 01:34 . 2012-07-09 01:34 -------- d-----w- c:\program files\AMD
2012-07-09 01:34 . 2012-07-09 01:34 -------- d-----w- c:\program files (x86)\AMD APP
2012-07-09 01:34 . 2012-07-09 01:34 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-07-09 01:34 . 2012-07-09 01:34 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-07-09 01:33 . 2012-07-09 01:34 -------- d-----w- c:\program files\ATI Technologies
2012-07-08 22:09 . 2012-07-08 22:09 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-07-05 22:46 . 2012-07-05 22:46 172098 ----a-w- C:\torrent.exe
2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-03 02:41 . 2012-07-03 02:41 -------- d-----w- c:\users\Nub\AppData\Local\id Software
2012-07-03 02:32 . 2012-07-03 02:32 -------- d-----w- c:\program files (x86)\id Software
2012-07-03 02:29 . 2012-07-03 02:29 -------- d-sh--w- c:\windows\ftpcache
2012-07-02 02:38 . 2012-07-02 02:38 -------- d-----w- c:\windows\en
2012-07-02 02:36 . 2012-07-02 02:36 -------- d-----w- c:\windows\es
2012-07-02 02:36 . 2012-07-02 02:36 -------- d-----w- c:\windows\de
2012-07-02 02:36 . 2012-07-02 02:36 -------- d-----w- c:\windows\fr
2012-07-02 02:36 . 2012-07-02 02:36 -------- d-----w- c:\windows\nl
2012-07-02 02:33 . 2012-03-08 22:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-07-02 02:31 . 2012-07-02 02:31 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cee939541cd57fa02\MeshBetaRemover.exe
2012-07-02 02:31 . 2012-07-02 02:31 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ce705e0f1cd57fa01\DSETUP.dll
2012-07-02 02:31 . 2012-07-02 02:31 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ce705e0f1cd57fa01\DXSETUP.exe
2012-07-02 02:31 . 2012-07-02 02:31 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ce705e0f1cd57fa01\dsetup32.dll
2012-07-01 18:57 . 2012-07-01 18:57 -------- d-----w- c:\users\Nub\AppData\Roaming\Paltalk
2012-07-01 18:57 . 2012-07-01 18:57 -------- d-----w- c:\program files (x86)\Paltalk Messenger
2012-07-01 18:57 . 2012-07-01 18:57 -------- d-----w- c:\windows\Paltalk Messenger
2012-07-01 18:56 . 2012-07-01 18:56 -------- d-----w- c:\users\Nub\AppData\Roaming\OpenCandy
2012-07-01 18:55 . 2012-07-01 18:56 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-07-01 18:55 . 2012-07-01 18:55 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-07-01 18:55 . 2012-07-01 18:56 -------- d-----w- c:\users\Nub\AppData\Roaming\DVDVideoSoft
2012-06-28 21:50 . 2012-06-28 21:50 -------- d-----w- c:\program files (x86)\18 WoS Extreme Trucker 2
2012-06-28 04:05 . 2012-06-28 04:05 -------- d-----w- c:\program files (x86)\Bus Driver
2012-06-26 19:52 . 2012-06-26 19:52 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-23 00:11 . 2012-07-22 01:17 -------- d-----w- c:\program files\NeO IRC 1.7
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-21 22:43 . 2012-04-10 04:14 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2012-07-12 03:34 . 2012-01-23 05:12 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-22 21:00 . 2012-02-22 22:06 134672 ----a-w- c:\windows\RegBootClean64.exe
2012-06-19 20:22 . 2012-06-19 20:23 151552 ----a-w- c:\windows\SysWow64\nvRegDev.dll
2012-06-19 20:22 . 2012-06-19 20:22 61440 ----a-w- c:\windows\SysWow64\nvPhotoshopUtil.dll
2012-06-19 20:22 . 2012-06-19 20:22 40960 ----a-w- c:\windows\SysWow64\nvISWOW64.dll
2012-06-14 15:03 . 2012-07-16 00:37 3488 ----a-w- c:\windows\UDB.zip
2012-06-14 15:03 . 2012-07-16 00:37 131 ----a-w- c:\windows\IDB.zip
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:50 . 2012-06-11 17:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 17:50 . 2012-06-11 17:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 17:50 . 2012-06-11 17:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 17:50 . 2012-06-11 17:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-11 17:48 . 2012-06-11 17:48 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-11 17:48 . 2012-06-11 17:48 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2011-08-11 01:05 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2011-08-11 01:05 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2011-08-11 01:05 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2011-08-11 01:05 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2011-08-11 01:05 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2011-08-11 01:05 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2011-08-11 01:05 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2011-08-11 01:05 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2011-08-11 01:05 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2011-08-11 01:05 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-08-11 01:05 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2011-08-11 01:05 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2011-08-11 01:05 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2011-08-11 01:05 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-02 23:33 . 2012-06-02 23:33 18944 ----a-r- c:\users\Nub\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-06-02 23:33 . 2012-06-02 23:33 11264 ----a-r- c:\users\Nub\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe
2012-06-02 22:19 . 2012-06-21 15:39 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:40 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:40 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:40 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:39 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:40 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:39 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 15:39 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 15:39 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-10 20:35 . 2012-05-10 20:35 43520 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-05-10 20:35 . 2012-05-10 20:35 29184 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-05-04 11:06 . 2012-06-13 17:47 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 17:47 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 17:47 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 17:47 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 17:47 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 17:47 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 17:47 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 17:47 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 17:47 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 17:47 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 17:47 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 17:47 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 17:47 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 17:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-24 03:45 . 2012-04-24 03:45 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-24 03:45 . 2011-08-11 01:19 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{b57a9eb1-0e57-4850-a701-4d169538e6ed}]
2012-05-18 19:45 85288 ----a-w- c:\program files (x86)\blekkotb_032\blekkotb_019X.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BA900CBA-FA92-4DF6-BED1-B683BFB92433}]
2012-04-04 21:58 1737216 ----a-w- c:\program files (x86)\YoutubePlus\YoutubePlus.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{b57a9eb1-0e57-4850-a701-4d169538e6ed}"= "c:\program files (x86)\blekkotb_032\blekkotb_019X.dll" [2012-05-18 85288]
.
[HKEY_CLASSES_ROOT\clsid\{b57a9eb1-0e57-4850-a701-4d169538e6ed}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2K Games"="c:\users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"2K Games"="c:\users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll" [BU]
.
c:\users\Nub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Malwarebytes Anti-Malware.lnk - c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2012-7-15 973488]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-8-29 16032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-12 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 253088]
R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2011-03-18 87168]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2011-03-18 188544]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-02-28 21712]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-12 116648]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-14 85224]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-23 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-05-11 251528]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2012-03-23 70928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2010-11-28 128904]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-06-13 922240]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-14 575448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-03-29 27760]
S2 ytpUpdater;ytpUpdater;c:\program files (x86)\updater\updater.exe [2012-03-26 1730048]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-03-29 2157680]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 03:45]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-12 22:55]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-12 22:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Nub\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: Interfaces\{9EAD5E01-EBA1-4D42-9349-8BE2F94CCDD5}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\kil77mcf.default\
FF - prefs.js: browser.search.selectedEngine - YoutubePlus
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2463314201-2541101053-2832014611-1006\Software\SecuROM\License information*]
"datasecu"=hex:7b,13,97,03,64,d4,8b,0f,64,f5,6f,10,9d,d7,bd,9f,71,18,18,1f,b5,
e0,ae,fe,ba,72,62,67,a8,e2,85,fe,19,ac,ea,23,96,b7,55,07,35,5a,ce,e2,85,5d,\
"rkeysecu"=hex:3e,b5,3a,9e,8d,9d,46,73,63,5c,82,8b,f1,70,4b,63
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
.
**************************************************************************
.
Completion time: 2012-07-21 21:38:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-22 01:38
ComboFix2.txt 2012-07-21 19:24
ComboFix3.txt 2012-07-20 21:44
.
Pre-Run: 54,702,419,968 bytes free
Post-Run: 54,990,872,576 bytes free
.
- - End Of File - - B7107FD3DED271A8765A63EBB4F1D255
 

Ryan O'Brien

TS Rookie
Ran in normal mode
Rkill log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/21/2012 at 21:41:35.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\SysWOW64\rundll32.exe


Rkill completed on 07/21/2012 at 21:41:47.
 

Broni

Malware Annihilator
You're running two AV programs, PC Tools Spyware Doctor with AntiVirus and TrendMicro Titanium.
You must uninstall one of them.

=====================================

Uninstall RegistryNuke 2012.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


==============================

Combofix log looks good.

Any current issues?

============================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

==================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 

Ryan O'Brien

TS Rookie
Can't seem to uninstall RegistryNuke or Spyware Doctor.

File "C:\Program Files (x86)\RegistryNuke 2012\unins000.dat" does not exist. Cannot uninstall


OTL Log (Part 1)

OTL logfile created on: 7/21/2012 10:06:11 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Nub\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.50 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 82.78% Memory free
14.99 Gb Paging File | 13.72 Gb Available in Paging File | 91.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.60 Gb Total Space | 51.34 Gb Free Space | 13.78% Space Free | Partition Type: NTFS
Drive D: | 544.72 Gb Total Space | 8.23 Gb Free Space | 1.51% Space Free | Partition Type: NTFS
Drive F: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: RYAN-PC | User Name: Nub | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/21 22:05:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Nub\Downloads\OTL.exe
PRC - [2012/07/19 11:02:01 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/19 11:02:01 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/04/23 23:45:53 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2012/06/11 13:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/06/11 13:12:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/03/29 06:04:12 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/19 11:02:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/05/19 22:05:40 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/04/23 23:45:53 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 09:55:20 | 001,730,048 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\updater\updater.exe -- (ytpUpdater)
SRV - [2012/03/02 22:38:15 | 000,189,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/03/02 22:37:59 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/02/29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011/06/13 04:36:54 | 000,922,240 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe -- (asComSvc)
SRV - [2011/05/09 13:01:06 | 000,430,080 | ---- | M] (PowerUp Software, LLC) [Auto | Stopped] -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
SRV - [2011/03/02 01:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 14:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/01 22:15:14 | 000,915,584 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010/11/28 16:34:00 | 000,128,904 | ---- | M] (AMD) [Auto | Stopped] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2010/10/21 13:52:26 | 000,586,880 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/23 17:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 16:13:28 | 000,337,144 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe -- (WindowBlinds)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/06/14 12:31:44 | 000,085,224 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012/06/11 14:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/11 12:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/11 11:14:26 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012/04/23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012/03/22 22:19:45 | 000,167,696 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2012/03/22 22:19:45 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2012/03/22 22:19:45 | 000,091,920 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2012/03/22 22:19:45 | 000,070,928 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/10 21:03:14 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/08/10 21:03:14 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/29 06:04:06 | 002,157,680 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2011/03/23 06:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/17 20:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/17 20:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/04/27 19:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 19:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010/04/27 19:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 17:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 17:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/02/18 13:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/04/09 11:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2012/02/28 19:11:24 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/01/04 17:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0877D540-4E36-4DF4-BA60-455B4E34840B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{0877D540-4E36-4DF4-BA60-455B4E34840B}: "URL" = http://50.56.166.40/youtubeplus/search/search.php?q={searchTerms}&sid=divx2k

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0877D540-4E36-4DF4-BA60-455B4E34840B}: "URL" = http://50.56.166.40/youtubeplus/search/search.php?q={searchTerms}&sid=divx2k
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "YoutubePlus"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/07/21 21:55:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/07/21 21:55:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\__Youtube@Plus: C:\Program Files (x86)\YoutubePlus\YoutubePlus.xpi [2012/04/17 22:37:20 | 000,007,323 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/07/21 18:40:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 11:02:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/30 17:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nub\AppData\Roaming\Mozilla\Extensions
[2012/07/16 22:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\kil77mcf.default\extensions
[2012/06/14 18:31:26 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\kil77mcf.default\extensions\{b57a9eb1-0e57-4850-a701-4d169538e6ed}
[2012/06/29 18:40:10 | 000,000,000 | ---D | M] (U2bview Firefox Add-on) -- C:\Users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\kil77mcf.default\extensions\noreply@u2bviews.com
[2012/04/17 22:37:23 | 000,001,846 | ---- | M] () -- C:\Users\Nub\AppData\Roaming\Mozilla\Firefox\Profiles\kil77mcf.default\searchplugins\ytp.xml
[2012/04/07 19:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/17 10:44:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/19 11:02:01 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: YoutubePlus (Enabled)
CHR - default_search_provider: search_url = http://50.56.166.40/youtubeplus/search/search.php?q={searchTerms}&sid=divx2k
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - Extension: Youtube Plus = C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfplnmdbcmooodmaipjfjcepfmfcinpk\1.0_0\
CHR - Extension: uTorrentControl3 = C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcoadpabahabkmdndndlimfikephnoka\2.3.15.10_0\
CHR - Extension: Skype Click to Call = C:\Users\Nub\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\

O1 HOSTS File: ([2012/07/21 21:32:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (blekko search bar) - {b57a9eb1-0e57-4850-a701-4d169538e6ed} - C:\Program Files (x86)\blekkotb_032\blekkotb_019X.dll ()
O2 - BHO: (Youtube Plus) - {BA900CBA-FA92-4DF6-BED1-B683BFB92433} - C:\Program Files (x86)\YoutubePlus\YoutubePlus.dll (Youtube Plus)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (blekko search bar) - {b57a9eb1-0e57-4850-a701-4d169538e6ed} - C:\Program Files (x86)\blekkotb_032\blekkotb_019X.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [2K Games] rundll32.exe "C:\Users\Nub\AppData\Local\Apple\2K Games\bkefddlrv.dll",CreateInstance File not found
O4 - Startup: C:\Users\Nub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Malware.lnk = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EAD5E01-EBA1-4D42-9349-8BE2F94CCDD5}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/16 03:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011/09/16 00:58:13 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
 

Ryan O'Brien

TS Rookie
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/21 21:32:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/21 21:17:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/21 21:17:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/21 21:17:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/21 21:16:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/21 19:07:12 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nub\Desktop\TDSSKiller.exe
[2012/07/21 15:24:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/21 14:17:39 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\RK_Quarantine
[2012/07/20 23:23:25 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\LOg
[2012/07/20 17:29:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/19 17:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Install Maker 5.04
[2012/07/19 17:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Install Maker
[2012/07/16 22:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryNuke 2012
[2012/07/16 22:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegistryNuke 2012
[2012/07/16 15:58:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/15 22:36:45 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\Malwarebytes
[2012/07/15 22:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/15 22:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/15 22:36:30 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/15 22:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/15 20:37:25 | 000,085,224 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012/07/15 20:37:24 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/07/15 20:37:24 | 001,681,368 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/07/15 20:37:24 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/07/15 20:36:30 | 000,341,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/07/15 20:36:30 | 000,145,432 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/07/15 20:36:26 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012/07/15 20:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/07/15 20:36:21 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/07/15 20:36:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/07/15 20:33:58 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/07/15 20:33:57 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/07/15 20:33:55 | 000,426,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/07/15 20:33:53 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/07/15 20:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/07/15 20:33:31 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\TestApp
[2012/07/15 20:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/07/15 10:57:12 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\German Truck Simulator
[2012/07/15 10:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\German Truck Simulator
[2012/07/15 10:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\German Truck Simulator
[2012/07/15 10:32:04 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\CRE
[2012/07/15 10:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentControl3
[2012/07/15 10:30:54 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\uTorrent
[2012/07/15 00:13:34 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\mod
[2012/07/14 20:22:54 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\TR
[2012/07/14 20:03:49 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\German Truck Simulator
[2012/07/14 16:05:13 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\MMM1
[2012/07/14 13:48:14 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\Gindinbei System
[2012/07/14 13:46:25 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\base
[2012/07/12 17:07:56 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\Adobe Photoshop CS6
[2012/07/12 14:53:21 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\CrashDumps
[2012/07/12 11:14:26 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\Crack
[2012/07/12 11:08:43 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\TechSmith
[2012/07/12 11:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
[2012/07/12 11:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2012/07/12 11:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2012/07/12 11:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2012/07/11 19:51:57 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\Stuffs
[2012/07/09 19:35:38 | 000,000,000 | ---D | C] -- C:\Adobe Photoshop CS6
[2012/07/09 16:26:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\intellidownload
[2012/07/09 13:01:05 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\AdobePhotoshopCS6Portable
[2012/07/08 22:11:24 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\Photoshop_CS6_13.0_Extended_Portable
[2012/07/08 22:10:30 | 000,000,000 | ---D | C] -- C:\AdobePhotoshopCS6Portable
[2012/07/08 21:35:11 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/07/08 21:35:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/07/08 21:35:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/07/08 21:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2012/07/08 21:34:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/07/08 21:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/07/08 21:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/07/08 21:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/07/08 21:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/07/08 18:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/07/08 18:07:04 | 084,347,111 | ---- | C] (PainteR ) -- C:\Users\Nub\Desktop\Photoshop CS6 (Portable).exe
[2012/07/07 12:08:20 | 000,016,384 | ---- | C] (Vagex) -- C:\Users\Nub\Desktop\updater.exe
[2012/07/05 20:51:17 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\poop
[2012/07/04 19:56:37 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\Electronic Arts
[2012/07/02 22:41:42 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\id Software
[2012/07/02 22:41:20 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\id Software
[2012/07/02 22:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\id Software
[2012/07/02 22:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\id Software
[2012/07/02 22:29:56 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2012/07/01 22:38:05 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/07/01 22:36:50 | 000,000,000 | ---D | C] -- C:\Windows\es
[2012/07/01 22:36:43 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012/07/01 22:36:37 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2012/07/01 22:36:30 | 000,000,000 | ---D | C] -- C:\Windows\nl
[2012/07/01 22:30:51 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{CFDE1CD9-BC53-4CB3-A135-A25853A93AC6}
[2012/07/01 22:30:39 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{D287ACCD-30C6-4120-AB65-D9BBA9DF52AF}
[2012/07/01 22:29:54 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{8092152A-9DD6-467D-BD57-80294A1BFDC8}
[2012/07/01 22:29:37 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{BE30A25A-37BD-41E8-99A1-A37721B1D74A}
[2012/07/01 15:48:50 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{70F6032C-0E89-4C36-9E33-44E9E22CABE1}
[2012/07/01 15:48:38 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{F76952F3-B6D1-48FC-A121-D621CA6D8BFB}
[2012/07/01 15:48:24 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{0B74427D-7262-445B-83E5-25DF43484814}
[2012/07/01 15:48:12 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{004E4185-3A0D-4351-9C32-E6E341A2697B}
[2012/07/01 14:57:33 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
[2012/07/01 14:57:31 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\Paltalk
[2012/07/01 14:57:29 | 000,000,000 | ---D | C] -- C:\Windows\Paltalk Messenger
[2012/07/01 14:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paltalk Messenger
[2012/07/01 14:56:10 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\OpenCandy
[2012/07/01 14:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012/07/01 14:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012/07/01 14:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012/07/01 14:55:20 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Roaming\DVDVideoSoft
[2012/06/30 20:19:36 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\OFX Presets
[2012/06/30 17:15:17 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{8ACA30BE-D70B-482B-A44A-8F5E0B28D23D}
[2012/06/30 17:15:05 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{87806DBA-938A-43DD-9BBE-21EE898978FB}
[2012/06/29 21:37:52 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{CA82AF2B-9C37-4B22-8324-DBCCAC9645CD}
[2012/06/29 21:37:41 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{68461492-C674-451C-BD7D-BC04D038B6C4}
[2012/06/29 18:52:13 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{F170443B-3CED-4627-B4EC-9A33B583B832}
[2012/06/29 18:52:01 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{62D8FDF5-BFC8-4771-8A6D-4F05281E36F1}
[2012/06/29 18:50:40 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\trailer
[2012/06/29 18:45:32 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\Euro Truck Sim Videos
[2012/06/29 18:27:24 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\brushes
[2012/06/29 11:28:23 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\img edit
[2012/06/28 21:36:40 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{285DBC9F-3D5D-4996-B34A-FC5851D9ECDD}
[2012/06/28 21:36:22 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{97A81B65-09C0-4AA2-BB00-B6EB8F73E023}
[2012/06/28 21:36:04 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{DE913867-D4FC-4C7D-92F6-3D0E5433FC81}
[2012/06/28 21:35:52 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{2F2D288D-400F-4A66-ABD8-791A35126EA3}
[2012/06/28 21:35:31 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{841C0526-F7B7-47B7-8CD6-D39D2BBEAC3F}
[2012/06/28 21:35:20 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{787C32E8-1A12-4C70-8033-044FEB4897FB}
[2012/06/28 21:04:05 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\CokeZero Truck
[2012/06/28 20:54:29 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\;kfhwuoiehfoiqhfuowehfiwdoufhqiofdioshfuohofijqoiufhqouifjoq
[2012/06/28 20:32:12 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\truck
[2012/06/28 17:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 WoS Extreme Trucker 2
[2012/06/28 17:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\18 WoS Extreme Trucker 2
[2012/06/28 17:35:53 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\18 WoS Extreme Trucker 2
[2012/06/28 00:06:20 | 000,000,000 | ---D | C] -- C:\Users\Nub\Documents\Bus Driver
[2012/06/28 00:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus Driver
[2012/06/28 00:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bus Driver
[2012/06/26 22:35:22 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{AE504E55-626A-4A66-95E8-3E2B17936476}
[2012/06/26 22:35:10 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{BA411AB5-1C8F-49CB-BA09-BABD0A5EA389}
[2012/06/26 22:05:59 | 000,000,000 | ---D | C] -- C:\Users\Nub\Desktop\vehicle
[2012/06/26 15:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2012/06/26 15:52:11 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{2E0ADA97-1AF7-463D-938B-5FC897129762}
[2012/06/26 15:51:48 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{A2514F1C-7C5B-4887-9F9E-E20191C3F2BD}
[2012/06/26 09:24:33 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{2DA1A3FB-F9D7-4DE9-9E05-83A2BF551262}
[2012/06/26 09:24:22 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{377AAE4B-67E1-44EE-B0D9-90B1BCD9A11B}
[2012/06/25 21:52:25 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{0550D5FD-4413-4348-B51B-9D52D194B24B}
[2012/06/25 21:52:13 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{AB85C986-847C-4593-A1DC-DC5E1D68888B}
[2012/06/25 13:29:59 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{5A8B302C-91D6-40D1-B227-1C59383706C6}
[2012/06/25 13:29:41 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{9F386A97-93D3-4D5C-8B49-A00DFAFDACBA}
[2012/06/24 23:48:35 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{B09F9454-4A27-45C7-A7B9-EA96335A54E4}
[2012/06/24 23:48:23 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{A4CDFE8C-7763-4B93-9089-D08B2ACA7CBE}
[2012/06/24 13:50:35 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{EB89407F-D209-4B81-AABE-F8A9E5C39C86}
[2012/06/24 13:50:25 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{F62533E9-86DE-4B73-B5C3-394F6D4FF19C}
[2012/06/24 13:50:12 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{B5E6F3A9-84C4-4740-8C3C-A14436AAEFE2}
[2012/06/24 13:50:00 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{ADEF3284-3215-47FD-9DE6-C8F12D30014B}
[2012/06/22 20:25:39 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{6785C491-2B47-46B0-AF9D-032E87654117}
[2012/06/22 20:25:27 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{92EF7E11-AB94-4415-9F2B-524C6621D450}
[2012/06/22 20:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\NeO IRC 1.7
[2012/06/22 10:46:25 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{DB48324A-34DE-445F-BFC4-887CF5D84BC3}
[2012/06/22 10:46:05 | 000,000,000 | ---D | C] -- C:\Users\Nub\AppData\Local\{2B2218A3-D528-4459-9CA6-307FF2A7409A}

========== Files - Modified Within 30 Days ==========

[2012/07/21 22:03:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/21 22:03:08 | 1741,275,135 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/21 21:57:17 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/21 21:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/21 21:40:41 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 21:40:41 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 21:32:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/21 21:06:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/21 20:08:26 | 000,000,512 | ---- | M] () -- C:\Users\Nub\Documents\MBR.dat
[2012/07/21 18:43:40 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2012/07/21 18:43:20 | 001,666,808 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/07/19 19:18:28 | 355,892,192 | ---- | M] () -- C:\Users\Nub\Desktop\Open this.zip
[2012/07/19 19:15:09 | 000,000,022 | ---- | M] () -- C:\Users\Nub\Desktop\New WinRAR ZIP archive (2).zip
[2012/07/19 18:17:14 | 000,006,776 | ---- | M] () -- C:\Users\Nub\Desktop\austrian edition logo.bmp
[2012/07/19 18:17:14 | 000,000,132 | ---- | M] () -- C:\Users\Nub\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2012/07/19 17:57:50 | 000,006,776 | ---- | M] () -- C:\Users\Nub\Desktop\cgqzfx8b.bmp
[2012/07/19 17:45:56 | 358,310,691 | ---- | M] () -- C:\Users\Nub\Desktop\GTS_1.32_8.0 (2).scs
[2012/07/19 17:45:40 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Smart Install Maker.lnk
[2012/07/19 15:55:53 | 000,006,216 | ---- | M] () -- C:\Users\Nub\Desktop\Austrian edition.m2t.sfk
[2012/07/19 15:55:45 | 000,136,030 | ---- | M] () -- C:\Users\Nub\Desktop\YouTube Logo.jpg
[2012/07/19 15:45:30 | 717,645,444 | ---- | M] () -- C:\Users\Nub\Desktop\German Truck Simulator Austrian edition.m2t
[2012/07/19 15:45:30 | 000,000,214 | ---- | M] () -- C:\Users\Nub\Desktop\German Truck Simulator Austrian edition.m2t.sfl
[2012/07/19 15:31:48 | 009,754,568 | ---- | M] () -- C:\Users\Nub\Desktop\Austrian edition end.m2t
[2012/07/19 15:31:48 | 000,000,206 | ---- | M] () -- C:\Users\Nub\Desktop\Austrian edition end.m2t.sfl
[2012/07/19 13:36:54 | 010,564,472 | ---- | M] () -- C:\Users\Nub\Desktop\Austrian edition.m2t
[2012/07/19 13:36:54 | 000,000,190 | ---- | M] () -- C:\Users\Nub\Desktop\Austrian edition.m2t.sfl
[2012/07/19 13:33:13 | 000,026,749 | ---- | M] () -- C:\Users\Nub\Desktop\MMM.rar
[2012/07/18 18:01:24 | 000,111,296 | ---- | M] () -- C:\Users\Nub\Desktop\sampvlog.veg
[2012/07/18 17:15:33 | 000,154,368 | ---- | M] () -- C:\Users\Nub\Desktop\sampvlog.veg.bak
[2012/07/17 18:06:09 | 1576,871,159 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/16 22:37:55 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/16 22:28:44 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\RegistryNuke 2012.lnk
[2012/07/16 22:11:26 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nub\Desktop\TDSSKiller.exe
[2012/07/15 22:36:34 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/15 22:36:34 | 000,001,117 | ---- | M] () -- C:\Users\Nub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Malware.lnk
[2012/07/15 20:36:26 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/07/15 18:19:03 | 087,155,672 | ---- | M] () -- C:\Users\Nub\Desktop\LIVE - KILLING NEO_RAMEN OBAMA! EXECLUSIVE.m2t
[2012/07/15 18:19:03 | 000,000,216 | ---- | M] () -- C:\Users\Nub\Desktop\LIVE - KILLING NEO_RAMEN OBAMA! EXECLUSIVE.m2t.sfl
[2012/07/15 16:55:43 | 000,160,488 | ---- | M] () -- C:\Users\Nub\Desktop\Must Persevere (Full version).mp3.sfk
[2012/07/15 16:55:35 | 004,677,678 | ---- | M] () -- C:\Users\Nub\Desktop\Must Persevere (Full version).mp3
[2012/07/15 16:41:32 | 000,296,544 | ---- | M] () -- C:\Users\Nub\Desktop\Untitled.mp3
[2012/07/15 16:39:09 | 032,084,080 | ---- | M] () -- C:\Users\Nub\Desktop\Untitled.m2t
[2012/07/15 16:39:09 | 000,000,190 | ---- | M] () -- C:\Users\Nub\Desktop\Untitled.m2t.sfl
[2012/07/15 10:57:11 | 000,001,383 | ---- | M] () -- C:\Users\Nub\Desktop\German Truck Simulator.lnk
[2012/07/15 10:54:08 | 000,001,379 | ---- | M] () -- C:\Users\Public\Desktop\German Truck Simulator.lnk
[2012/07/15 00:12:18 | 169,472,222 | ---- | M] () -- C:\Users\Nub\Desktop\POLSKAOpen.zip
[2012/07/15 00:10:56 | 171,498,097 | ---- | M] () -- C:\Users\Nub\Desktop\POLSKAOpen.scs
[2012/07/15 00:08:52 | 000,000,020 | ---- | M] () -- C:\Users\Nub\Desktop\POLSKA.rar
[2012/07/14 20:22:46 | 001,076,480 | R--- | M] () -- C:\Users\Nub\Desktop\Trial_Reset_3.3.rar
[2012/07/14 16:16:12 | 678,168,446 | ---- | M] () -- C:\Users\Nub\Desktop\ETS_1.3_Mega-Mix-Map-5 (2).zip
[2012/07/14 16:14:21 | 000,000,020 | ---- | M] () -- C:\Users\Nub\Desktop\New WinRAR archive.rar
[2012/07/14 16:13:41 | 680,293,139 | ---- | M] () -- C:\Users\Nub\Desktop\ETS_1.3_Mega-Mix-Map-5 (2).scs
[2012/07/14 16:04:55 | 000,000,022 | ---- | M] () -- C:\Users\Nub\Desktop\MMM1.zip
[2012/07/13 13:10:22 | 000,090,838 | ---- | M] () -- C:\Users\Nub\Desktop\before and after to color.jpg
[2012/07/13 12:06:10 | 1601,221,944 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator London Manchester Cheese.m2t
[2012/07/13 12:06:09 | 000,000,220 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator London Manchester Cheese.m2t.sfl
[2012/07/13 10:57:51 | 000,090,838 | ---- | M] () -- C:\Users\Nub\Desktop\before and after color.jpg
[2012/07/13 10:55:37 | 000,369,216 | ---- | M] () -- C:\Users\Nub\Desktop\colored portrait 2.jpg
[2012/07/12 18:08:04 | 000,892,433 | ---- | M] () -- C:\Users\Nub\Desktop\color fixed.jpg
[2012/07/12 17:25:35 | 000,886,121 | ---- | M] () -- C:\Users\Nub\Desktop\colored portrait.jpg
[2012/07/12 17:25:14 | 000,468,121 | ---- | M] () -- C:\Users\Nub\Desktop\restored guy.jpg
[2012/07/12 11:54:36 | 000,112,059 | ---- | M] () -- C:\Users\Nub\Desktop\before and after portrait.jpg
[2012/07/12 11:52:11 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 11.0 (64-bit).lnk
[2012/07/12 11:43:51 | 000,686,055 | ---- | M] () -- C:\Users\Nub\Desktop\restored portrait 1.jpg
[2012/07/12 11:07:38 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
[2012/07/12 10:47:52 | 000,297,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 22:37:38 | 000,098,953 | ---- | M] () -- C:\Users\Nub\Desktop\slide0023_image204.jpg
[2012/07/11 20:40:56 | 000,090,029 | ---- | M] () -- C:\Users\Nub\Desktop\before and after.jpg
[2012/07/11 20:36:47 | 000,360,094 | ---- | M] () -- C:\Users\Nub\Desktop\restored portrait.jpg
[2012/07/11 19:45:02 | 003,340,268 | ---- | M] () -- C:\Users\Nub\Desktop\Till Tomorrow Underscore.mp3
[2012/07/11 15:35:39 | 000,126,573 | ---- | M] () -- C:\Users\Nub\Desktop\beforeman.jpg
[2012/07/11 14:35:18 | 000,150,351 | ---- | M] () -- C:\Users\Nub\Desktop\Portrait restoration.jpg
[2012/07/11 14:28:58 | 001,124,275 | ---- | M] () -- C:\Users\Nub\Desktop\before.png
[2012/07/11 14:28:52 | 000,000,132 | ---- | M] () -- C:\Users\Nub\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/07/11 14:28:33 | 002,057,427 | ---- | M] () -- C:\Users\Nub\Desktop\after.png
[2012/07/11 14:16:35 | 3955,478,264 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Berne London Yoghurt.m2t
[2012/07/11 14:16:35 | 000,000,216 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Berne London Yoghurt.m2t.sfl
[2012/07/11 12:44:11 | 000,060,589 | ---- | M] () -- C:\Users\Nub\Desktop\Portrait color.jpg
[2012/07/11 12:42:50 | 000,020,500 | ---- | M] () -- C:\Users\Nub\Desktop\Portrait-French.jpg
[2012/07/11 12:06:27 | 000,272,586 | ---- | M] () -- C:\Users\Nub\Desktop\retouch_project4_4_10+004.jpg
[2012/07/11 12:06:21 | 000,721,276 | ---- | M] () -- C:\Users\Nub\Desktop\Family - restored.jpg
[2012/07/10 22:01:24 | 000,078,365 | ---- | M] () -- C:\Users\Nub\Desktop\After.jpg
[2012/07/10 22:01:06 | 000,070,151 | ---- | M] () -- C:\Users\Nub\Desktop\Before.jpg
[2012/07/10 21:17:25 | 000,938,104 | ---- | M] () -- C:\Users\Nub\Desktop\Restored.jpg
[2012/07/10 19:38:17 | 000,229,470 | ---- | M] () -- C:\Users\Nub\Desktop\CincinnatiMen.jpg
[2012/07/10 17:06:15 | 001,324,916 | ---- | M] () -- C:\Users\Nub\Desktop\rocky beach after.jpg
[2012/07/10 17:05:17 | 002,237,967 | ---- | M] () -- C:\Users\Nub\Desktop\colored.png
[2012/07/10 17:05:17 | 000,981,264 | ---- | M] () -- C:\Users\Nub\Desktop\rocky beach before.jpg
[2012/07/10 15:37:26 | 000,002,030 | ---- | M] () -- C:\Users\Nub\Desktop\mercedes_actros_interior_std.sii
[2012/07/10 15:10:27 | 002,170,584 | ---- | M] () -- C:\Users\Nub\Desktop\Color.jpg
[2012/07/10 14:22:42 | 000,350,455 | ---- | M] () -- C:\Users\Nub\Desktop\OldMotorCar.jpg
[2012/07/10 13:57:42 | 000,417,171 | ---- | M] () -- C:\Users\Nub\Desktop\sar1.png
[2012/07/10 13:57:31 | 001,954,670 | ---- | M] () -- C:\Users\Nub\Desktop\sar1.psd
[2012/07/10 13:50:26 | 000,064,657 | ---- | M] () -- C:\Users\Nub\Desktop\sar6.jpg
[2012/07/10 12:53:27 | 000,790,990 | ---- | M] () -- C:\Users\Nub\Desktop\do this later.psd
[2012/07/10 12:51:31 | 000,244,919 | ---- | M] () -- C:\Users\Nub\Desktop\gang.png
[2012/07/09 19:50:34 | 000,000,220 | ---- | M] () -- C:\Users\Nub\Desktop\FlatOut 2.url
[2012/07/09 17:27:05 | 000,807,246 | ---- | M] () -- C:\Users\Nub\Desktop\BLUE CAT.jpg
[2012/07/08 22:15:51 | 002,318,860 | ---- | M] () -- C:\Users\Nub\Desktop\Singapura Cat.psd
[2012/07/08 18:10:44 | 000,160,627 | ---- | M] () -- C:\Users\Nub\Desktop\Singapura Cat.jpg
[2012/07/08 18:09:12 | 000,000,112 | -H-- | M] () -- C:\39BD22373E07
[2012/07/08 18:09:12 | 000,000,040 | -H-- | M] () -- C:\BDAB4FE99C75
[2012/07/08 17:32:56 | 000,878,095 | ---- | M] () -- C:\Users\Nub\Desktop\142853951AP125_The_Raven_Ne.jpg
[2012/07/08 17:29:07 | 001,019,697 | ---- | M] () -- C:\Users\Nub\Desktop\President_Official_Portrait_HiRes.jpg
[2012/07/08 15:15:37 | 2165,417,276 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Barcelona Lyon Apples.m2t
[2012/07/08 15:15:37 | 000,000,218 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Barcelona Lyon Apples.m2t.sfl
[2012/07/06 20:35:07 | 001,572,918 | ---- | M] () -- C:\Users\Nub\Desktop\euroacres.bmp
[2012/07/06 18:19:27 | 2719,026,516 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Bordeaux Barcelona Tommatoes.m2t
[2012/07/06 18:19:27 | 000,000,224 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Bordeaux Barcelona Tommatoes.m2t.sfl
[2012/07/06 18:02:23 | 000,000,198 | ---- | M] () -- C:\Users\Nub\Desktop\First person driving mod.m2t.sfl
[2012/07/06 10:55:32 | 000,013,230 | ---- | M] () -- C:\Users\Nub\Desktop\Shady.PNG
[2012/07/06 10:55:15 | 000,012,726 | ---- | M] () -- C:\Users\Nub\Desktop\Scar.PNG
[2012/07/05 20:54:06 | 000,000,022 | ---- | M] () -- C:\Users\Nub\Desktop\New WinRAR ZIP archive.zip
[2012/07/05 18:46:34 | 000,172,098 | ---- | M] () -- C:\torrent.exe
[2012/07/05 17:54:48 | 001,043,253 | ---- | M] () -- C:\Users\Nub\Desktop\Done.png
[2012/07/05 17:54:43 | 000,000,132 | ---- | M] () -- C:\Users\Nub\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/07/05 17:54:39 | 004,191,177 | ---- | M] () -- C:\Users\Nub\Desktop\Done.psd
[2012/07/05 17:11:27 | 003,970,129 | ---- | M] () -- C:\Users\Nub\Desktop\ALmost done.psd
[2012/07/05 14:47:13 | 000,453,502 | ---- | M] () -- C:\Users\Nub\Desktop\EFOQKC.psd
[2012/07/04 22:04:21 | 000,039,654 | ---- | M] () -- C:\Users\Nub\Desktop\truck up2.png
[2012/07/04 22:02:42 | 000,037,145 | ---- | M] () -- C:\Users\Nub\Desktop\truck up1.png
[2012/07/04 21:33:09 | 001,572,918 | ---- | M] () -- C:\Users\Nub\Desktop\eurogoodies.bmp
[2012/07/04 19:14:30 | 000,699,216 | ---- | M] () -- C:\Users\Nub\Desktop\euroacres.dds
[2012/07/04 19:14:13 | 000,257,769 | ---- | M] () -- C:\Users\Nub\Desktop\euroacres.png
[2012/07/04 15:14:20 | 000,137,822 | ---- | M] () -- C:\Users\Nub\Desktop\agbacon acres trailer mod.scs
[2012/07/04 15:08:09 | 000,013,539 | ---- | M] () -- C:\Users\Nub\Desktop\road-splits-sign-hi.png
[2012/07/04 14:58:46 | 000,012,218 | ---- | M] () -- C:\Users\Nub\Desktop\greentractor.jpg
[2012/07/04 14:39:20 | 000,027,596 | ---- | M] () -- C:\Users\Nub\Desktop\star.jpg
[2012/07/03 15:43:32 | 491,792,447 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Lyon Vienna Acid.m2t
[2012/07/03 15:43:31 | 000,000,212 | ---- | M] () -- C:\Users\Nub\Desktop\Euro Truck Simulator Lyon Vienna Acid.m2t.sfl
[2012/07/03 15:14:08 | 000,006,168 | ---- | M] () -- C:\Users\Nub\Desktop\Trucking with AgentBacon Intro .m2t.sfk
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/03 13:35:40 | 000,008,933 | ---- | M] () -- C:\Users\Nub\Desktop\ping.PNG
[2012/07/02 22:40:49 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Enemy Territory - QUAKE Wars(TM).lnk
[2012/07/02 22:40:43 | 000,000,328 | ---- | M] () -- C:\Windows\game.ini
[2012/07/02 20:20:07 | 010,448,664 | ---- | M] () -- C:\Users\Nub\Desktop\Trucking with AgentBacon Intro .m2t
[2012/07/02 20:20:07 | 000,000,204 | ---- | M] () -- C:\Users\Nub\Desktop\Trucking with AgentBacon Intro .m2t.sfl
[2012/07/02 20:10:23 | 000,033,005 | ---- | M] () -- C:\Users\Nub\Desktop\twab.png
[2012/07/02 19:53:40 | 000,071,959 | ---- | M] () -- C:\Users\Nub\Desktop\truckjpd.jpg
[2012/07/02 19:36:14 | 000,036,264 | ---- | M] () -- C:\Users\Nub\Desktop\truck up.png
[2012/07/02 19:30:52 | 000,035,752 | ---- | M] () -- C:\Users\Nub\Desktop\1254446789518345489tow-truck.svg.hi.png
[2012/07/02 19:27:56 | 000,046,005 | ---- | M] () -- C:\Users\Nub\Desktop\clipart_transport_552.jpg
[2012/07/02 12:38:30 | 000,000,740 | ---- | M] () -- C:\Users\Public\Desktop\iLivid.lnk