
Infected with Trojan Dropper BC Miner



Hi,

I have run into a serious problem with this Trojan: I get redirects and whatnot in my web browser, and although Malwarebytes detects it and removes it, it comes back upon restart.

Here's the report from Malwarebytes; the DDS logs follow. I would really appreciate it if someone could help, thanks.

======================================Malwarebytes Log=======================================

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.13.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Mo :: MO-PC [administrator]

14/08/2012 00:52:34

mbam-log-2012-08-14 (00-56-15).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 230394

Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Windows\Installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\n (Rootkit.0Access) -> No action taken.

C:\Windows\Installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.

C:\Windows\Installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\U\000000cb.@ (Rootkit.0Access) -> No action taken.

C:\Windows\Installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\U\80000032.@ (Rootkit.0Access) -> No action taken.

(end)

======================================DDS.txt LOG============================================

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Mo at 17:32:55 on 2012-08-13

Microsoft Windows 7 Enterprise 6.1.7600.1.1252.44.1033.18.8169.6269 [GMT 1:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Users\Mo\Desktop\Stuff\HWMonitor.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\svchost.exe -k defragsvc

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://bl151w.blu151.mail.live.com/default.aspx#!/mail/InboxLight.aspx?n=1326901447

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = 71.10.214.28:3128

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: mswsock.dll

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{44610BD0-9D6A-4157-BA7C-F1EA3B38373E} : DhcpNameServer = 194.168.4.100 194.168.8.100

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mo\AppData\Roaming\Mozilla\Firefox\Profiles\f1um2avb.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

.

============= SERVICES / DRIVERS ===============

.

P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-1-11 8704]

R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\system32\Drivers\BtHidBus.sys --> C:\Windows\system32\Drivers\BtHidBus.sys [?]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

R3 cmudaxp;ASUS Xonar DG Audio Interface;C:\Windows\system32\drivers\cmudaxp.sys --> C:\Windows\system32\drivers\cmudaxp.sys [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-14 136176]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]

S3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\system32\Drivers\btnetBus.sys --> C:\Windows\system32\Drivers\btnetBus.sys [?]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;D:\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [2011-8-11 25832]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 GS In-Game Service;GS In-Game Service;C:\Program Files (x86)\GameTracker\GSInGameService.exe [2011-4-29 1677096]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-14 136176]

S3 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]

S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\system32\Drivers\IvtBtBus.sys --> C:\Windows\system32\Drivers\IvtBtBus.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]

S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]

S3 RadeonPro Support Service;RadeonPro Support Service;C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [2011-7-1 12800]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-12-24 751464]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

.

=============== Created Last 30 ================

.

2012-08-07 00:28:31 -------- d--h--w- C:\ProgramData\Common Files

2012-08-07 00:28:31 -------- d-----w- C:\ProgramData\MFAData

2012-08-07 00:20:32 328704 ----a-w- C:\Windows\System32\services.exe.AB232190785A8F2F

2012-08-07 00:17:21 328704 ----a-w- C:\Windows\System32\services.exe.5D022277278D6DA1

2012-08-07 00:10:45 328704 ----a-w- C:\Windows\System32\services.exe.BD196A85A2A068E7

2012-08-07 00:09:55 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C4239B0-2063-4368-9E3D-3D4E35F2B39F}\mpengine.dll

2012-08-07 00:08:53 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-07 00:08:48 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-08-05 17:31:59 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-31 15:43:13 -------- d-----w- C:\Users\Mo\AppData\Roaming\PowerUp Software

2012-07-31 15:43:01 -------- d-----w- C:\ProgramData\PowerUp Software

2012-07-31 15:40:47 724992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll

2012-07-31 15:40:47 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll

2012-07-31 15:40:47 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe

2012-07-31 15:40:47 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll

2012-07-31 15:40:47 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll

2012-07-31 15:40:47 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll

2012-07-31 15:40:47 184452 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll

2012-07-29 00:25:26 73728 ----a-r- C:\Users\Mo\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe

2012-07-29 00:25:26 73728 ----a-r- C:\Users\Mo\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe

2012-07-29 00:25:26 53248 ----a-r- C:\Users\Mo\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe

2012-07-29 00:25:26 49152 ----a-r- C:\Users\Mo\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe

2012-07-29 00:25:26 49152 ----a-r- C:\Users\Mo\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe

2012-07-29 00:25:25 -------- d-----w- C:\Users\Mo\AppData\Local\Nokia

2012-07-29 00:06:21 -------- d-----w- C:\Program Files (x86)\Common Files\PCSuite

2012-07-29 00:06:21 -------- d-----w- C:\Program Files (x86)\Common Files\Nokia

2012-07-29 00:06:13 -------- d-----w- C:\Program Files (x86)\PC Connectivity Solution

2012-07-29 00:05:59 -------- d-----w- C:\Program Files (x86)\Nokia

2012-07-28 23:34:22 -------- d-----w- C:\Program Files (x86)\Microsoft XNA

2012-07-27 14:56:40 -------- d-----w- C:\download

2012-07-27 14:52:37 -------- d-----w- C:\tempvideo

2012-07-25 14:33:02 -------- d-----w- C:\Program Files (x86)\KONAMI

.

==================== Find3M ====================

.

2012-08-13 08:03:23 119296 ----a-w- C:\Windows\SysWow64\zlib.dll

2012-08-07 00:23:28 328704 ----a-w- C:\Windows\System32\services.exe

2012-08-05 17:42:38 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-05 17:42:38 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-27 14:39:10 17408 ----a-w- C:\psapi.dll

2012-07-13 14:19:44 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-07-13 14:19:44 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-07-13 14:14:19 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-06-16 14:29:16 0 ----a-w- C:\Windows\ativpsrm.bin

2012-06-11 10:33:48 2152176 ----a-w- C:\Windows\System32\WUDFUpdate_01009.dll

2012-06-11 10:33:46 759296 ----a-w- C:\Windows\System32\drivers\UMDF\PCCSWpdDriver.dll

2012-06-11 10:33:46 26112 ----a-w- C:\Windows\System32\drivers\pccsmcfdx64.sys

2012-06-04 13:52:20 18432 ------w- C:\Windows\SysWow64\AVC_JPEG.dll

2012-06-04 13:52:10 176128 ------w- C:\Windows\SysWow64\AVC_MPEG4.dll

2012-06-04 13:52:06 176128 ------w- C:\Windows\SysWow64\AVC_H264.dll

2012-06-04 13:30:02 809491 ------w- C:\Windows\SysWow64\avcodec-52.84.800.dll

2012-06-04 13:30:02 70675 ------w- C:\Windows\SysWow64\avutil-50.22.800.dll

2012-06-04 13:30:02 159251 ------w- C:\Windows\SysWow64\swscale-0.11.800.dll

2012-06-04 13:30:00 87040 ------w- C:\Windows\SysWow64\avformat-52.74.800.dll

2012-06-04 13:25:50 65447 ------w- C:\Windows\SysWow64\pthreadGC2.800.dll

2012-05-31 11:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-23 14:32:58 286720 ------w- C:\Windows\SysWow64\AVC_PB.dll

2012-05-17 12:53:02 987136 ------w- C:\Windows\SysWow64\AVC_LIVE.dll

2012-05-15 21:31:18 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

.

============= FINISH: 17:33:14.24 ===============

======================================Attach.txt Log================================================

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Enterprise

Boot Device: \Device\HarddiskVolume1

Install Date: 21/06/2011 13:23:13

System Uptime: 13/08/2012 17:21:37 (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P8P67 PRO

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 491.953 GiB free.

D: is FIXED (NTFS) - 932 GiB total, 426.536 GiB free.

Z: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Universal Serial Bus (USB) Controller

Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&DDEC341&0&00E1

Manufacturer:

Name: Universal Serial Bus (USB) Controller

PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&DDEC341&0&00E1

Service:

.

Class GUID:

Description: Universal Serial Bus (USB) Controller

Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&108ABD8A&0&00E4

Manufacturer:

Name: Universal Serial Bus (USB) Controller

PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_04\4&108ABD8A&0&00E4

Service:

.

==== System Restore Points ===================

.

RP468: 02/08/2012 01:23:29 - Scheduled Checkpoint

RP469: 07/08/2012 01:30:56 - Installed AVG 2012

RP470: 07/08/2012 01:31:12 - Installed AVG 2012

RP471: 07/08/2012 04:34:21 - Removed AVG 2012

RP472: 07/08/2012 04:35:19 - Removed AVG 2012

.

==== Installed Programs ======================

.

Activision®

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Photoshop CS5

Adobe Reader X (10.1.1)

Alt.Binz 0.25.0

ANNO 2070

Apple Application Support

Apple Software Update

Application Profiles

Assassin's Creed Revelations

µTorrent

Bang Bang Racing Demo

Bastion

Batman: Arkham Asylum

Battlefield 3™

Battlefield 3™ Open Beta

Battlelog Web Plugins

BioShock

BlackFire's Mod 2

Blur

Blur™

Borderlands

Bulletstorm

Call of Duty® 4 - Modern Warfare™

Call of Duty: Black Ops

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cheat Engine 6.1

CoreAVC Professional Edition (remove only)

Costume Quest © Double Fine Productions version 1

Crysis

Crysis Modification - Mster Config v3.01

Crysis WARHEAD®

Crysis®

Crysis® 2

D3DX10

DAEMON Tools Lite

DarkSiders version 1.0

Data Lifeguard Diagnostic for Windows 1.24

Dead Rising 2

Dead Space™

Dear Esther

Deus Ex Human Revolution

Deus Ex Human Revolution - The Missing Link

DEVIL MAY CRY 4

DiRT 3

DiRT2

Driver San Francisco

Driver Sweeper version 3.1.0

ESN Sonar

Evochron Mercenary

F1 2010

F1 2011

Fallout 3

FIFA 11 Demo

FIFA 12

Flobo Hard Disk Repair 4.1

Fraps (remove only)

Full Spectrum Warrior (remove only)

FXAA Post Process Injector

GameSpy Arcade

GameSpy Comrade

GameTracker Lite

Garry's Mod

Geeks3D.com FurMark 1.10.0

Google Earth

Google Update Helper

Grand Theft Auto

Grand Theft Auto 2

Grand Theft Auto IV

Grand Theft Auto: San Andreas

Grand Theft Auto: Vice City

GRID

Hard Reset

Hi-Rez Studios Authenticate and Update Service

HydraVision

ImgBurn

Intel® Management Engine Components

Jasc Animation Shop 3

Java Auto Updater

Java™ 7 Update 4

JavaFX 2.1.0

JDownloader 0.9

JMicron JMB36X Driver

Kingdoms of Amalur Reckoning

LIMBO

Mafia II DLC Joe's Adventures

marvell 91xx driver

Media Player Classic - Home Cinema v1.5.0.2827

Medieval CUE Splitter

Microsoft Flight Simulator X

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Halo

Microsoft Halo Trial

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 3.1

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mirrors Edge version 1.0

mkv2vob

Morphyre

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSI Afterburner 2.1.0

MSVC90_x86

MSVCRT

MSXML 4.0 SP2 Parser and SDK

MSXML 4.0 SP3 Parser

NBA 2K12

Need for Speed™ Hot Pursuit

Need for Speed: Hot Pursuit

Need for Speed™ The Run

Nitronic Rush (2011-12-25) version 20111225.0

Nokia Connectivity Cable Driver

Nokia PC Suite

Nokia Software Updater

Notepad++

NVIDIA PhysX

OCCT Perestroika 3.1.0

OpenAL

Orcs Must Die!

Origin

OwlboyDemo

Payday The Heist © OVERKILL Software version 1

PAYDAY: The Heist

PC Connectivity Solution

PDF Settings CS5

Pinnacle Game Profiler

Prince of Persia

Pro Evolution Soccer 2011

Pro Evolution Soccer 2013 DEMO

Project CARS

PunkBuster Services

Pure

QuickPar 0.9

QuickTime

Race Injection

RadeonPro 1.0 (Build 1.1.0.6)

Rage

Rapture3D 2.3.22 Game

Red Faction Armageddon

RESIDENT EVIL 5

Rockstar Games Social Club

RollerCoaster Tycoon 3 Demo

RollerCoaster Tycoon 3 Platinum

Saints Row The Third

Sapphire TRIXX

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Serious Sam HD The First Encounter

SHIFT 2 UNLEASHED™

ShiftWindow 1.02

Sid Meier's Civilization V - Demo

Skype Click to Call

Skype™ 5.8

SOL Exodus

Sonic Generations

SopCast 3.4.0

Spec Ops The Line

Spec Ops: The Line Demo

Steam

Super Street Fighter IV: Arcade Edition

swMSM

Sword of the Stars II Lords of Winter

The Darkness II

The Darkness II Demo

The Longest Journey

The Witcher 2

Tom Clancy's Splinter Cell Conviction

Total War: SHOGUN 2

Transformers: War for Cybertron

Tribes Ascend Closed Beta

Trine 2

Tron: Evolution

Tunngle beta

Two Worlds II

UBCD4Win 3.60

Ubisoft Game Launcher

Video Viewer

Visual Studio 2008 x64 Redistributables

VLC media player 1.1.11

Warhammer 40000 Space Marine

Win7codecs

WinAVI All in One Converter

Windows 7 USB/DVD Download Tool

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

x264vfw - H.264/MPEG-4 AVC codec (remove only)

Xvid Video Codec

YTD YouTube Downloader & Converter 3.6

.

==== Event Viewer Messages From Past Week ========

.

13/08/2012 17:22:15, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

13/08/2012 17:22:15, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

13/08/2012 17:22:06, Error: Service Control Manager [7034] - The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).

13/08/2012 17:21:58, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

13/08/2012 17:21:56, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

13/08/2012 17:21:54, Error: Service Control Manager [7023] - The Diagnostic Policy Service service terminated with the following error: Access is denied.

13/08/2012 17:21:54, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

13/08/2012 00:10:14, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

13/08/2012 00:10:14, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

13/08/2012 00:10:14, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

13/08/2012 00:10:14, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

13/08/2012 00:09:55, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/08/2012 21:21:12, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

12/08/2012 21:21:12, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

12/08/2012 21:21:12, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

12/08/2012 21:21:12, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

12/08/2012 21:20:53, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/08/2012 19:48:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

12/08/2012 19:48:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

12/08/2012 19:48:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

12/08/2012 19:48:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

12/08/2012 19:48:22, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/08/2012 18:06:37, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

12/08/2012 18:06:37, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

12/08/2012 18:06:37, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

12/08/2012 18:06:37, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

12/08/2012 18:06:18, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/08/2012 15:01:52, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

12/08/2012 15:01:52, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

12/08/2012 15:01:52, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

12/08/2012 15:01:52, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.

12/08/2012 15:01:33, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/08/2012 09:32:00, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

11/08/2012 21:26:46, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

11/08/2012 20:15:38, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

11/08/2012 17:01:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

11/08/2012 02:34:07, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

10/08/2012 21:25:29, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

10/08/2012 17:43:26, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

10/08/2012 15:10:01, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

10/08/2012 13:31:30, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

10/08/2012 00:21:00, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

09/08/2012 21:27:42, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

09/08/2012 17:28:06, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

08/08/2012 23:57:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

08/08/2012 21:29:22, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

08/08/2012 19:45:23, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

08/08/2012 18:40:46, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

08/08/2012 04:34:14, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

07/08/2012 01:10:32, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

07/08/2012 01:10:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

07/08/2012 01:10:18, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1502.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

07/08/2012 01:09:45, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.829.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

.

==== End Of File ===========================


Welcome to the forum.

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against the forum's policy:

http://forums.malwar...showtopic=97700

----------------------------------------

Then........

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Hi, thanks for the reply and tips, the report is as follows:

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 Service Pack 1) 64 bits version

Started in : Normal mode

User: Mo [Admin rights]

Mode: Scan -- Date: 08/14/2012 01:14:33

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤

[SUSP PATH] {C97E825C-5B4B-4E5D-BBD0-48AB1B4E10D6}.job @ : C:\Users\Mo\Desktop\SBReV.exe -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (71.10.214.28:3128) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Mo\AppData\Local\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\n.) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\L --> FOUND

[ZeroAccess][FILE] n : c:\users\mo\appdata\local\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\n --> FOUND

[ZeroAccess][FILE] @ : c:\users\mo\appdata\local\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\mo\appdata\local\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\mo\appdata\local\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 mp01.maniaplanet.com

127.0.0.1 mp02.maniaplanet.com

127.0.0.1 mp03.maniaplanet.com

127.0.0.1 game.maniaplanet.com

127.0.0.1 files.maniaplanet.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++

--- User ---

[MBR] 155b549055e269f8ecb153fd790ab9e8

[BSP] 720283765d64d1426a288595a9569cc3 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD103SJ ATA Device +++++

--- User ---

[MBR] a05539d0203d961ac86b57edf64b80a7

[BSP] 3e8f8fcd63eb37de1ea0b526960b88ab : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.<-------

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

MrC


Hi, the logs are as follows:

Scan result of Farbar Recovery Scan Tool Version: 14-08-2012

Ran by SYSTEM at 14-08-2012 01:34:53

Running from G:\

Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKU\Sufiya\...\Run: [Windows System Devices Manager] c:\windows\csrss.exe [x]

HKU\Sufiya\...\Run: [Windows Login access] C:\Users\Sufiya\AppData\Roaming\win2flash.exe [x]

HKU\Sufiya\...\Run: [WindowsUpdate] C:\Users\Sufiya\AppData\Roaming\msconfig.exe [x]

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462920 2012-07-03] (Malwarebytes Corporation)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

==================== Services (Whitelisted) ======

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [430080 2011-05-09] (PowerUp Software, LLC)

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-20] ()

3 RadeonPro Support Service; "C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe" [12800 2011-02-09] (Mr. John aka japamd)

3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [751464 2011-12-12] (Tunngle.net GmbH)

3 DAUpdaterSvc; C:\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [x]

========================== Drivers (Whitelisted) =============

3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [279152 2010-10-27] (Atheros)

0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24456 2011-07-27] (IVT Corporation.)

3 btnetBUs; C:\Windows\System32\Drivers\btnetBUs.sys [30088 2010-04-06] ()

3 cmudaxp; C:\Windows\System32\Drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2011-12-23] (DT Soft Ltd)

3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBUs.sys [27016 2010-04-06] (IVT Corporation.)

4 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-12-23] (Duplex Secure Ltd.)

3 tap0901t; C:\Windows\System32\Drivers\tap0901t.sys [31232 2009-09-15] (Tunngle.net)

3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2012-01-09] (Nokia)

3 ALSysIO; \??\C:\Users\Mo\AppData\Local\Temp\ALSysIO64.sys [x]

3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [x]

3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [x]

3 BTCOMBUS; C:\Windows\System32\Drivers\btcombus.sys [x]

3 cpuz135; \??\C:\Users\Mo\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]

3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [x]

3 TRIXX; \??\C:\Users\Mo\AppData\Local\Temp\TRIXX.sys [x]

3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [x]

3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [x]

3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [x]

3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

3 WinRing0_1_2_0; \??\C:\Users\Mo\AppData\Local\Temp\Rar$EX31.160\WinRing0x64.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-13 16:22 - 2012-08-13 16:26 - 00002155 ____A C:\Users\Mo\Desktop\New Text Document (4).txt

2012-08-13 16:18 - 2012-08-13 16:18 - 00000082 ____A C:\Users\Mo\Desktop\Trojan Dropper BC Miner.URL

2012-08-13 16:14 - 2012-08-13 16:14 - 00003115 ____A C:\Users\Mo\Desktop\RKreport[1].txt

2012-08-13 16:12 - 2012-08-13 16:14 - 00000000 ____D C:\Users\Mo\Desktop\RK_Quarantine

2012-08-13 15:52 - 2012-08-13 15:52 - 00001131 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-13 15:52 - 2012-07-03 04:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-08-13 09:31 - 2012-08-13 09:48 - 00000286 ____A C:\Users\Mo\Desktop\Fish.txt

2012-08-13 08:38 - 2012-08-13 08:38 - 00037227 ____A C:\Users\Mo\Desktop\Attach.txt

2012-08-13 08:31 - 2012-08-13 08:31 - 00001156 ____A C:\Users\Mo\Desktop\checkup.txt

2012-08-13 08:29 - 2012-08-13 08:30 - 00000000 ____D C:\Users\Mo\Desktop\New folder (2)

2012-08-13 08:20 - 2012-08-13 08:20 - 00050477 ____A C:\Users\Mo\Desktop\Defogger.exe

2012-08-13 08:20 - 2012-08-13 08:20 - 00000576 ____A C:\Users\Mo\Desktop\defogger_disable.log

2012-08-13 08:20 - 2012-08-13 08:20 - 00000020 ____A C:\Users\Mo\defogger_reenable

2012-08-10 18:14 - 2012-08-10 18:14 - 32423679 ____A C:\Users\Mo\Desktop\Lake malawi south african cichlid fluval venezia corner aquarium fish tank_1.mp4

2012-08-10 12:59 - 2012-08-10 13:00 - 31314698 ____A C:\Users\Mo\Desktop\Lake malawi south african cichlid fluval venezia corner aquarium fish tank.mp4

2012-08-10 06:35 - 2012-08-10 06:35 - 00043922 ____A C:\Users\Mo\Desktop\payment-confirmation.html

2012-08-10 06:35 - 2012-08-10 06:35 - 00000000 ____D C:\Users\Mo\Desktop\payment-confirmation_files

2012-08-10 04:25 - 2012-08-10 04:31 - 00000040 ____A C:\Users\Mo\Desktop\New Text Document (2).txt

2012-08-07 15:59 - 2012-08-07 15:59 - 00000818 ____A C:\Users\Mo\Desktop\TES™V Skyrim.lnk

2012-08-07 08:57 - 2012-08-07 08:57 - 00000000 ____A C:\Users\Mo\Desktop\New Text Document.txt

2012-08-06 16:50 - 2012-08-06 16:51 - 00000000 ____D C:\Users\Mo\Documents\GTA Vice City User Files

2012-08-06 16:28 - 2012-08-06 19:35 - 00000000 ____D C:\Users\All Users\MFAData

2012-08-06 16:27 - 2012-08-06 16:27 - 00001270 ____A C:\Users\Mo\Desktop\shutdown.lnk

2012-08-06 16:26 - 2012-08-06 16:27 - 00001270 ____A C:\Users\Sufiya\Desktop\shutdown.lnk

2012-08-06 16:26 - 2012-08-06 16:26 - 00000000 ____D C:\Users\Sufiya\AppData\Roaming\Malwarebytes

2012-08-06 16:20 - 2012-08-06 16:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AB232190785A8F2F

2012-08-06 16:17 - 2012-08-06 16:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D022277278D6DA1

2012-08-06 16:10 - 2012-08-06 16:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BD196A85A2A068E7

2012-08-06 16:08 - 2012-08-06 16:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2012-08-05 09:31 - 2012-08-05 09:31 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-08-04 09:25 - 2012-08-04 09:25 - 00180109 ____A C:\Users\Mo\Desktop\Opethfeldt_ENB_v6_02-18941-6-02.rar

2012-08-01 15:51 - 2012-08-02 16:48 - 1096246298 ____A C:\Users\Mo\Downloads\X-Art - Happy Couple - Kristen [1080p].mov

2012-08-01 09:23 - 2012-08-01 09:23 - 08071432 ___RA C:\Users\Mo\Desktop\Opera_Mobile_12.00.sis

2012-07-31 07:45 - 2012-04-14 13:52 - 00033000 ____A C:\Users\Mo\Desktop\Grand Theft Auto III & VC.pin

2012-07-31 07:43 - 2012-07-31 07:43 - 00000000 ____D C:\Users\Mo\AppData\Roaming\PowerUp Software

2012-07-31 07:43 - 2012-07-31 07:43 - 00000000 ____D C:\Users\All Users\PowerUp Software

2012-07-31 07:41 - 2012-08-13 15:43 - 00119296 ____A C:\Windows\SysWOW64\zlib.dll

2012-07-31 07:41 - 2012-07-31 07:41 - 00909921 ___RA C:\Users\Mo\Desktop\GTA III & VC.zip

2012-07-31 07:41 - 2012-07-31 07:41 - 00002132 ____A C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk

2012-07-31 07:41 - 2012-07-31 07:41 - 00000000 ____D C:\Program Files (x86)\PowerUp Software

2012-07-31 07:41 - 2008-04-13 11:11 - 00619008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dx7vb.dll

2012-07-31 07:41 - 2008-01-13 11:59 - 00036864 ____A C:\Windows\SysWOW64\dxinputdll.dll

2012-07-31 07:41 - 2008-01-13 08:36 - 00091632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dsofile.dll

2012-07-31 07:41 - 2007-12-26 14:33 - 00608448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\COMCTL32.OCX

2012-07-31 07:41 - 2007-04-11 02:11 - 00511328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\capicom.dll

2012-07-31 07:41 - 2004-07-14 09:26 - 00152848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx

2012-07-31 07:41 - 2004-03-09 10:45 - 00212240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX

2012-07-31 07:41 - 2003-01-26 05:41 - 00040960 ____A (vbAccelerator) C:\Windows\SysWOW64\SSubTmr6.dll

2012-07-31 07:41 - 2002-08-09 03:18 - 00045056 ____N (Microsoft) C:\Windows\SysWOW64\NTSVC.ocx

2012-07-31 07:41 - 2001-04-04 22:43 - 00094208 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\msstkprp.dll

2012-07-31 07:41 - 2000-12-05 18:00 - 00109248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mswinsck.ocx

2012-07-31 07:41 - 2000-04-03 12:52 - 00164144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx

2012-07-31 07:41 - 1999-05-17 05:55 - 00057344 ____N () C:\Windows\SysWOW64\ADsSecurity.dll

2012-07-31 07:41 - 1998-06-17 16:00 - 00089360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL

2012-07-29 15:51 - 2012-07-26 09:05 - 00000000 ____D C:\Users\Mo\Desktop\iCEnhancer Config Tool

2012-07-29 10:57 - 2012-07-29 10:57 - 00000000 ____D C:\Users\Sufiya\AppData\Roaming\PC Suite

2012-07-29 08:04 - 2012-07-29 08:04 - 00003954 ____A C:\Users\Mo\Desktop\EagleEyes.jad

2012-07-28 16:25 - 2012-07-28 16:25 - 00002283 ____A C:\Users\Mo\Desktop\Nokia Software Updater.lnk

2012-07-28 16:25 - 2012-07-28 16:25 - 00000000 ____D C:\Users\Mo\AppData\Local\Nokia

2012-07-28 16:07 - 2012-07-28 16:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf

2012-07-28 16:07 - 2012-07-28 16:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

2012-07-28 16:06 - 2012-07-29 08:02 - 00000000 ____D C:\Users\Mo\AppData\Roaming\Nokia

2012-07-28 16:06 - 2012-07-28 16:07 - 00000000 ____D C:\Users\Mo\AppData\Roaming\PC Suite

2012-07-28 16:06 - 2012-07-28 16:07 - 00000000 ____D C:\Users\All Users\PC Suite

2012-07-28 16:06 - 2012-07-28 16:06 - 00002046 ____A C:\Users\Public\Desktop\Nokia PC Suite.lnk

2012-07-28 16:06 - 2012-07-28 16:06 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution

2012-07-28 16:05 - 2012-07-28 16:25 - 00000000 ____D C:\Program Files (x86)\Nokia

2012-07-28 15:38 - 2012-07-28 15:38 - 00001306 ____A C:\Users\Mo\Desktop\Bastion - Shortcut.lnk

2012-07-28 15:34 - 2012-07-28 15:34 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA

2012-07-27 10:28 - 2012-07-29 08:02 - 02515372 ___RA C:\Users\Mo\Desktop\EagleEyes_v1.12.sis

2012-07-27 10:28 - 2012-07-27 10:33 - 06718056 ____A C:\Users\Mo\Desktop\qt.sis

2012-07-27 06:56 - 2012-07-27 06:56 - 00000000 ____D C:\download

2012-07-27 06:52 - 2012-08-13 04:25 - 00000000 ____D C:\tempvideo

2012-07-27 06:39 - 2012-07-27 06:39 - 00001051 ____A C:\Users\Sufiya\Desktop\VideoViewer.lnk

2012-07-27 06:39 - 2012-07-27 06:39 - 00001051 ____A C:\Users\Mo\Desktop\VideoViewer.lnk

2012-07-26 05:01 - 2012-08-13 04:25 - 00000000 ____A C:\DebugTraceNormal.log

2012-07-26 04:29 - 2012-08-13 04:24 - 00000000 ____D C:\Program Files (x86)\VideoViewer

2012-07-26 04:29 - 2012-07-27 06:39 - 00017408 ____A (Microsoft Corporation) C:\psapi.dll

2012-07-26 04:29 - 2012-06-04 05:52 - 00176128 ____N C:\Windows\SysWOW64\AVC_H264.dll

2012-07-26 04:29 - 2012-06-04 05:52 - 00176128 ____N (AVTECH) C:\Windows\SysWOW64\AVC_MPEG4.dll

2012-07-26 04:29 - 2012-06-04 05:52 - 00018432 ____N C:\Windows\SysWOW64\AVC_JPEG.dll

2012-07-26 04:29 - 2012-06-04 05:30 - 00809491 ____N C:\Windows\SysWOW64\avcodec-52.84.800.dll

2012-07-26 04:29 - 2012-06-04 05:30 - 00159251 ____N C:\Windows\SysWOW64\swscale-0.11.800.dll

2012-07-26 04:29 - 2012-06-04 05:30 - 00087040 ____N C:\Windows\SysWOW64\avformat-52.74.800.dll

2012-07-26 04:29 - 2012-06-04 05:30 - 00070675 ____N C:\Windows\SysWOW64\avutil-50.22.800.dll

2012-07-26 04:29 - 2012-06-04 05:25 - 00065447 ____N (Open Source Software community LGPL) C:\Windows\SysWOW64\pthreadGC2.800.dll

2012-07-26 04:29 - 2012-05-23 06:32 - 00286720 ____N (AVTECH) C:\Windows\SysWOW64\AVC_PB.dll

2012-07-26 04:29 - 2012-05-17 04:53 - 00987136 ____N (AVTECH) C:\Windows\SysWOW64\AVC_LIVE.dll

2012-07-26 04:29 - 2012-02-09 08:41 - 00229376 ____N (AVTECH) C:\Windows\SysWOW64\AVC_RTSP.dll

2012-07-26 04:29 - 2009-07-21 05:23 - 00131072 ____N (AV-TECH) C:\Windows\SysWOW64\AVC_NATT.dll

2012-07-26 04:29 - 2008-05-15 08:44 - 00323584 ____N C:\Windows\SysWOW64\Deinterlace.dll

2012-07-26 04:29 - 2005-10-12 11:38 - 00704512 ____N (Intel Corporation) C:\Windows\SysWOW64\ijl20.dll

2012-07-26 04:29 - 2005-08-30 02:55 - 01268736 ____N (Microsoft Corporation) C:\Windows\SysWOW64\XY_quartz.dll

2012-07-26 04:29 - 2004-08-03 15:47 - 00559616 ____N (Microsoft Corporation) C:\Windows\SysWOW64\XY_qedit.dll

2012-07-26 04:29 - 2004-05-04 02:53 - 01645320 ____N (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll

2012-07-26 04:29 - 2003-03-19 04:20 - 01060864 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll

2012-07-26 04:29 - 2003-03-19 02:04 - 00765952 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71d.dll

2012-07-26 04:29 - 2003-03-19 02:03 - 00544768 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71d.dll

2012-07-25 08:00 - 2012-07-25 08:00 - 00000025 ____A C:\Users\Mo\Desktop\Yahoo.txt

2012-07-25 06:33 - 2012-07-25 06:33 - 00000000 ____D C:\Program Files (x86)\KONAMI

2012-07-25 06:32 - 2012-07-25 06:32 - 00000000 ____D C:\Users\Mo\Desktop\New folder

2012-07-18 10:24 - 2012-07-31 10:19 - 00000000 ____D C:\Users\Mo\Documents\GTA3 User Files

2012-07-17 10:27 - 2012-07-17 10:27 - 00000000 ____D C:\Users\Mo\Documents\GTA2

============ 3 Months Modified Files ========================

2012-08-13 16:26 - 2012-08-13 16:22 - 00002155 ____A C:\Users\Mo\Desktop\New Text Document (4).txt

2012-08-13 16:26 - 2009-07-13 20:45 - 00005872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-13 16:26 - 2009-07-13 20:45 - 00005872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-13 16:25 - 2009-07-13 21:13 - 00006466 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-13 16:24 - 2009-07-13 20:51 - 00187895 ____A C:\Windows\setupact.log

2012-08-13 16:19 - 2011-10-05 05:34 - 00305220 ____A C:\Windows\WindowsUpdate.log

2012-08-13 16:18 - 2012-08-13 16:18 - 00000082 ____A C:\Users\Mo\Desktop\Trojan Dropper BC Miner.URL

2012-08-13 16:14 - 2012-08-13 16:14 - 00003115 ____A C:\Users\Mo\Desktop\RKreport[1].txt

2012-08-13 15:52 - 2012-08-13 15:52 - 00001131 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-13 15:48 - 2012-03-14 12:33 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-08-13 15:44 - 2012-03-14 12:33 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-08-13 15:43 - 2012-07-31 07:41 - 00119296 ____A C:\Windows\SysWOW64\zlib.dll

2012-08-13 15:43 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-13 09:48 - 2012-08-13 09:31 - 00000286 ____A C:\Users\Mo\Desktop\Fish.txt

2012-08-13 09:00 - 2011-10-13 08:19 - 00000460 ____A C:\Windows\Tasks\ParetoLogic Registration.job

2012-08-13 08:38 - 2012-08-13 08:38 - 00037227 ____A C:\Users\Mo\Desktop\Attach.txt

2012-08-13 08:31 - 2012-08-13 08:31 - 00001156 ____A C:\Users\Mo\Desktop\checkup.txt

2012-08-13 08:20 - 2012-08-13 08:20 - 00050477 ____A C:\Users\Mo\Desktop\Defogger.exe

2012-08-13 08:20 - 2012-08-13 08:20 - 00000576 ____A C:\Users\Mo\Desktop\defogger_disable.log

2012-08-13 08:20 - 2012-08-13 08:20 - 00000020 ____A C:\Users\Mo\defogger_reenable

2012-08-13 04:25 - 2012-07-26 05:01 - 00000000 ____A C:\DebugTraceNormal.log

2012-08-12 16:18 - 2011-12-28 14:33 - 00919100 ____A C:\shared.log

2012-08-12 05:51 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-08-10 18:14 - 2012-08-10 18:14 - 32423679 ____A C:\Users\Mo\Desktop\Lake malawi south african cichlid fluval venezia corner aquarium fish tank_1.mp4

2012-08-10 13:00 - 2012-08-10 12:59 - 31314698 ____A C:\Users\Mo\Desktop\Lake malawi south african cichlid fluval venezia corner aquarium fish tank.mp4

2012-08-10 06:35 - 2012-08-10 06:35 - 00043922 ____A C:\Users\Mo\Desktop\payment-confirmation.html

2012-08-10 04:31 - 2012-08-10 04:25 - 00000040 ____A C:\Users\Mo\Desktop\New Text Document (2).txt

2012-08-07 15:59 - 2012-08-07 15:59 - 00000818 ____A C:\Users\Mo\Desktop\TES™V Skyrim.lnk

2012-08-07 11:31 - 2011-10-08 22:06 - 00033162 ____A C:\Windows\PFRO.log

2012-08-07 08:57 - 2012-08-07 08:57 - 00000000 ____A C:\Users\Mo\Desktop\New Text Document.txt

2012-08-06 16:27 - 2012-08-06 16:27 - 00001270 ____A C:\Users\Mo\Desktop\shutdown.lnk

2012-08-06 16:27 - 2012-08-06 16:26 - 00001270 ____A C:\Users\Sufiya\Desktop\shutdown.lnk

2012-08-06 16:23 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe

2012-08-06 16:20 - 2012-08-06 16:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AB232190785A8F2F

2012-08-06 16:17 - 2012-08-06 16:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D022277278D6DA1

2012-08-06 16:10 - 2012-08-06 16:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BD196A85A2A068E7

2012-08-06 16:09 - 2011-07-03 03:29 - 00001945 ____A C:\Windows\epplauncher.mif

2012-08-06 16:08 - 2011-06-21 06:43 - 00006432 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-08-05 09:42 - 2012-05-28 02:37 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-05 09:42 - 2011-11-25 09:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-08-04 09:25 - 2012-08-04 09:25 - 00180109 ____A C:\Users\Mo\Desktop\Opethfeldt_ENB_v6_02-18941-6-02.rar

2012-08-02 16:48 - 2012-08-01 15:51 - 1096246298 ____A C:\Users\Mo\Downloads\X-Art - Happy Couple - Kristen [1080p].mov

2012-08-01 09:23 - 2012-08-01 09:23 - 08071432 ___RA C:\Users\Mo\Desktop\Opera_Mobile_12.00.sis

2012-07-31 07:41 - 2012-07-31 07:41 - 00909921 ___RA C:\Users\Mo\Desktop\GTA III & VC.zip

2012-07-31 07:41 - 2012-07-31 07:41 - 00002132 ____A C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk

2012-07-29 08:04 - 2012-07-29 08:04 - 00003954 ____A C:\Users\Mo\Desktop\EagleEyes.jad

2012-07-29 08:02 - 2012-07-27 10:28 - 02515372 ___RA C:\Users\Mo\Desktop\EagleEyes_v1.12.sis

2012-07-28 16:25 - 2012-07-28 16:25 - 00002283 ____A C:\Users\Mo\Desktop\Nokia Software Updater.lnk

2012-07-28 16:07 - 2012-07-28 16:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf

2012-07-28 16:07 - 2012-07-28 16:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

2012-07-28 16:06 - 2012-07-28 16:06 - 00002046 ____A C:\Users\Public\Desktop\Nokia PC Suite.lnk

2012-07-28 16:06 - 2011-11-29 13:58 - 00084804 ____A C:\Windows\DPINST.LOG

2012-07-28 15:38 - 2012-07-28 15:38 - 00001306 ____A C:\Users\Mo\Desktop\Bastion - Shortcut.lnk

2012-07-27 10:33 - 2012-07-27 10:28 - 06718056 ____A C:\Users\Mo\Desktop\qt.sis

2012-07-27 06:39 - 2012-07-27 06:39 - 00001051 ____A C:\Users\Sufiya\Desktop\VideoViewer.lnk

2012-07-27 06:39 - 2012-07-27 06:39 - 00001051 ____A C:\Users\Mo\Desktop\VideoViewer.lnk

2012-07-27 06:39 - 2012-07-26 04:29 - 00017408 ____A (Microsoft Corporation) C:\psapi.dll

2012-07-25 16:00 - 2012-06-15 07:07 - 00002238 ____A C:\Users\Public\Desktop\Grand Theft Auto IV.lnk

2012-07-25 09:17 - 2011-10-08 07:54 - 00544654 ____A C:\Windows\DirectX.log

2012-07-25 08:00 - 2012-07-25 08:00 - 00000025 ____A C:\Users\Mo\Desktop\Yahoo.txt

2012-07-17 06:23 - 2012-07-11 08:56 - 00001105 ____A C:\Users\Public\Desktop\Project CARS Launcher.lnk

2012-07-13 06:19 - 2011-07-27 07:20 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2012-07-13 06:19 - 2011-06-21 07:14 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr

2012-07-13 06:14 - 2011-06-21 06:42 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.ex0

2012-07-07 23:23 - 2012-07-07 23:23 - 04656398 ____A C:\Users\Sufiya\Downloads\01_Haan_Yahi_Pyaar_Hai_-_Shaan,_Shreya_Ghoshal_[_www.djsdrive.in_]

2012-07-07 23:22 - 2012-07-07 23:22 - 06138108 ____A C:\Users\Sufiya\Downloads\Haan_Yahi_Pyaar_Hai_-_www.Songs.PK

2012-07-07 23:21 - 2012-07-07 23:21 - 11039636 ____A C:\Users\Sufiya\Downloads\Haan_Yahi_Pyar_Hai_-_Luvi!i_Club_Mix

2012-07-03 04:46 - 2012-08-13 15:52 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-27 21:05 - 2009-07-13 20:45 - 04765672 ____A C:\Windows\System32\FNTCACHE.DAT

2012-06-27 08:23 - 2011-06-21 05:24 - 00045752 ____A C:\Users\Mo\AppData\Local\GDIPFONTCACHEV1.DAT

2012-06-27 07:40 - 2012-06-27 07:40 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf

2012-06-27 07:40 - 2012-06-27 07:40 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf

2012-06-24 20:58 - 2012-06-26 03:46 - 3966922852 ____A C:\Users\Mo\Desktop\uefa.euro.2012.quarter.final.four.england.vs.italy.720p.hdtv.x264-w4f.mkv

2012-06-24 06:59 - 2012-06-24 06:58 - 198732944 ____A C:\Users\Mo\Downloads\PS3UPDAT(2).PUP

2012-06-16 15:48 - 2012-06-03 04:29 - 00000944 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk

2012-06-16 08:35 - 2012-06-16 08:34 - 198732944 ____A C:\Users\Mo\Downloads\PS3UPDAT(1).PUP

2012-06-16 06:29 - 2012-06-16 06:29 - 00000000 ____A C:\Windows\ativpsrm.bin

2012-06-16 06:19 - 2012-06-16 06:19 - 160889384 ____A (Advanced Micro Devices, Inc.) C:\Users\Mo\Downloads\12-4_vista_win7_64_dd_ccc.exe

2012-06-16 01:51 - 2012-06-16 01:51 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Mo\Downloads\mbam-setup-1.61.0.1400(2).exe

2012-06-14 10:22 - 2012-06-14 10:22 - 03878112 ____A C:\Users\Mo\Downloads\battlelog-web-plugins-1.122.0-retail-prod.exe

2012-06-14 05:11 - 2011-10-22 14:51 - 550648264 ____A C:\Windows\MEMORY.DMP

2012-06-11 02:33 - 2012-06-11 02:33 - 02152176 ____A (Microsoft Corporation) C:\Windows\System32\WUDFUpdate_01009.dll

2012-06-11 02:33 - 2011-11-29 13:58 - 00026112 ____A (Nokia) C:\Windows\System32\Drivers\pccsmcfdx64.sys

2012-06-06 07:41 - 2012-06-06 07:41 - 00000899 ____A C:\Users\Public\Desktop\FXAA Tool.lnk

2012-06-06 07:37 - 2012-06-06 07:37 - 00295316 ____A () C:\Users\Mo\Downloads\Post_Process_Injector_2_1_Installer-131-2-1(1).exe

2012-06-04 05:52 - 2012-07-26 04:29 - 00176128 ____N C:\Windows\SysWOW64\AVC_H264.dll

2012-06-04 05:52 - 2012-07-26 04:29 - 00176128 ____N (AVTECH) C:\Windows\SysWOW64\AVC_MPEG4.dll

2012-06-04 05:52 - 2012-07-26 04:29 - 00018432 ____N C:\Windows\SysWOW64\AVC_JPEG.dll

2012-06-04 05:30 - 2012-07-26 04:29 - 00809491 ____N C:\Windows\SysWOW64\avcodec-52.84.800.dll

2012-06-04 05:30 - 2012-07-26 04:29 - 00159251 ____N C:\Windows\SysWOW64\swscale-0.11.800.dll

2012-06-04 05:30 - 2012-07-26 04:29 - 00087040 ____N C:\Windows\SysWOW64\avformat-52.74.800.dll

2012-06-04 05:30 - 2012-07-26 04:29 - 00070675 ____N C:\Windows\SysWOW64\avutil-50.22.800.dll

2012-06-04 05:25 - 2012-07-26 04:29 - 00065447 ____N (Open Source Software community LGPL) C:\Windows\SysWOW64\pthreadGC2.800.dll

2012-05-31 03:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2012-05-27 10:57 - 2012-05-27 10:56 - 259061547 ____A (Igor Pavlov) C:\Users\Mo\Downloads\BASE_eXtreme_0.2.exe

2012-05-23 06:32 - 2012-07-26 04:29 - 00286720 ____N (AVTECH) C:\Windows\SysWOW64\AVC_PB.dll

2012-05-20 20:25 - 2011-06-21 05:16 - 00000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini

2012-05-20 11:38 - 2012-05-20 11:37 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Mo\Downloads\mbam-setup-1.61.0.1400(1).exe

2012-05-20 10:05 - 2012-05-20 10:05 - 03339264 ____A C:\Users\Mo\Downloads\UltraMon_3.1.0_en_x64.msi

2012-05-20 05:43 - 2012-05-20 05:43 - 05134840 ____A (Binary Fortress Software ) C:\Users\Mo\Downloads\DisplayFusionSetup-4.0.exe

2012-05-19 11:00 - 2012-05-19 11:00 - 00463080 ____A (CNET Download.com) C:\Users\Mo\Downloads\cnet2_FloboHardDiskRepair_exe.exe

2012-05-19 10:59 - 2012-05-19 10:59 - 00292256 ____A C:\Users\Mo\Downloads\Brothersoft_downloader_For_Flobo_HDD_Bad_Sector_Repair.exe

2012-05-19 08:41 - 2012-05-19 08:41 - 06118990 ____A (LIGHTNING UK!) C:\Users\Mo\Downloads\SetupImgBurn_2.5.7.0.exe

2012-05-19 08:14 - 2012-05-19 08:14 - 02801569 ____A C:\Users\Mo\Downloads\DeepBurner1.exe

2012-05-19 07:31 - 2011-08-19 18:56 - 00001908 ____A C:\Windows\diagwrn.xml

2012-05-19 07:31 - 2011-08-19 18:56 - 00001908 ____A C:\Windows\diagerr.xml

2012-05-19 07:31 - 2009-07-13 20:51 - 00000000 ____A C:\Windows\setuperr.log

2012-05-18 14:30 - 2012-05-18 14:30 - 01153271 ____A (Igor Pavlov) C:\Users\Mo\Downloads\Portable-VirtualBox_v4.1.6-Starter_v6.4.8-Win_all.exe

2012-05-18 14:05 - 2012-05-18 14:02 - 07481624 ____A C:\Users\Mo\Downloads\PowerISO5.exe

2012-05-17 04:53 - 2012-07-26 04:29 - 00987136 ____N (AVTECH) C:\Windows\SysWOW64\AVC_LIVE.dll

ZeroAccess:

C:\Windows\Installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9}

C:\Windows\Installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\@

C:\Windows\Installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\L

C:\Windows\Installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\U

C:\Windows\Installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\L\00000004.@

C:\Windows\Installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\L\201d3dde

C:\Windows\Installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\U\00000004.@

C:\Windows\Installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\U\00000008.@

C:\Windows\Installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\U\000000cb.@

C:\Windows\Installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\U\80000000.@

C:\Windows\Installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\U\80000032.@

C:\Windows\Installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\U\80000064.@

ZeroAccess:

C:\Users\Mo\AppData\Local\{d81cac50-f031-9da2-fa92-b57c9935d3e9}

C:\Users\Mo\AppData\Local\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\@

C:\Users\Mo\AppData\Local\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\L

C:\Users\Mo\AppData\Local\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\n

C:\Users\Mo\AppData\Local\{d81cac50-f031-9da2-fa92-b57c9935d3e9}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll

[2010-11-20 19:24] - [2010-11-20 19:24] - 1008128 ____A (Microsoft Corporation) D186BABDFAE7C0D93C9F6AE63957EE96

C:\Windows\SysWOW64\User32.dll

[2010-11-20 19:24] - [2010-11-20 19:24] - 0833024 ____A (Microsoft Corporation) 0A8910F85D554ADB5C7F5B157FEE8622

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%

Total physical RAM: 8168.94 MB

Available physical RAM: 7190.37 MB

Total Pagefile: 8167.14 MB

Available Pagefile: 7285.77 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:491.64 GB) NTFS

2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive f: (DIRT2) (CDROM) (Total:6.83 GB) (Free:0 GB) UDF

4 Drive g: () (Removable) (Total:7.37 GB) (Free:7.37 GB) FAT32

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 Online 931 GB 0 B

Disk 2 Online 7566 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 931 GB 1024 KB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y Partition 931 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 1

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 C NTFS Partition 931 GB Healthy

==================================================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7565 MB 1024 KB

==================================================================================

Disk: 2

Partition 1

Type : 0B

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G FAT32 Removable 7565 MB Healthy

==================================================================================

Last Boot: 2012-08-07 12:01

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 14-08-2012

Ran by SYSTEM at 2012-08-14 01:32:24

Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\system64\services.exe

[2010-11-20 01:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2012-08-06 16:23] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======


OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

MrC


Hi,

Log is as follows:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-08-2012

Ran by SYSTEM at 2012-08-14 01:51:56 Run:1

Running from G:\

==============================================

C:\Windows\Installer\{d81cac50-f031-9da2-fa92-b57c9935d3e9} moved successfully.

C:\Users\Mo\AppData\Local\{d81cac50-f031-9da2-fa92-b57c9935d3e9} moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\system64\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====


A couple more scans to run....

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Sometimes these logs can be very large; in that case, please attach the log or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip. Click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

MrC


I ran the test. It detected five threats, with no cure option for any of the threats. The log is as follows:

01:56:51.0003 2640 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

01:56:51.0090 2640 ============================================================

01:56:51.0090 2640 Current date / time: 2012/08/14 01:56:51.0090

01:56:51.0090 2640 SystemInfo:

01:56:51.0090 2640

01:56:51.0090 2640 OS Version: 6.1.7600 ServicePack: 1.0

01:56:51.0090 2640 Product type: Workstation

01:56:51.0090 2640 ComputerName: MO-PC

01:56:51.0090 2640 UserName: Mo

01:56:51.0090 2640 Windows directory: C:\Windows

01:56:51.0090 2640 System windows directory: C:\Windows

01:56:51.0090 2640 Running under WOW64

01:56:51.0090 2640 Processor architecture: Intel x64

01:56:51.0090 2640 Number of processors: 4

01:56:51.0090 2640 Page size: 0x1000

01:56:51.0090 2640 Boot type: Normal boot

01:56:51.0090 2640 ============================================================

01:56:52.0519 2640 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

01:56:52.0525 2640 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

01:56:52.0528 2640 Drive \Device\Harddisk2\DR2 - Size: 0x1D8E00000 (7.39 Gb), SectorSize: 0x200, Cylinders: 0x3C4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

01:56:52.0530 2640 ============================================================

01:56:52.0530 2640 \Device\Harddisk0\DR0:

01:56:52.0530 2640 MBR partitions:

01:56:52.0530 2640 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

01:56:52.0530 2640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800

01:56:52.0530 2640 \Device\Harddisk1\DR1:

01:56:52.0530 2640 MBR partitions:

01:56:52.0530 2640 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

01:56:52.0530 2640 \Device\Harddisk2\DR2:

01:56:52.0531 2640 MBR partitions:

01:56:52.0531 2640 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xB, StartLBA 0x800, BlocksNum 0xEC6800

01:56:52.0531 2640 ============================================================

01:56:52.0546 2640 C: <-> \Device\Harddisk0\DR0\Partition1

01:56:52.0551 2640 D: <-> \Device\Harddisk1\DR1\Partition0

01:56:52.0551 2640 ============================================================

01:56:52.0551 2640 Initialize success

01:56:52.0551 2640 ============================================================

01:58:22.0591 2004 ============================================================

01:58:22.0591 2004 Scan started

01:58:22.0591 2004 Mode: Manual; SigCheck; TDLFS;

01:58:22.0591 2004 ============================================================

01:58:23.0467 2004 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys

01:58:23.0592 2004 1394ohci - ok

01:58:23.0616 2004 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

01:58:23.0623 2004 ACPI - ok

01:58:23.0639 2004 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

01:58:23.0695 2004 AcpiPmi - ok

01:58:23.0791 2004 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

01:58:23.0795 2004 AdobeARMservice - ok

01:58:23.0828 2004 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

01:58:23.0837 2004 adp94xx - ok

01:58:23.0853 2004 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

01:58:23.0860 2004 adpahci - ok

01:58:23.0867 2004 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

01:58:23.0872 2004 adpu320 - ok

01:58:23.0885 2004 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

01:58:23.0972 2004 AeLookupSvc - ok

01:58:23.0994 2004 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

01:58:24.0047 2004 AFD - ok

01:58:24.0069 2004 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

01:58:24.0072 2004 agp440 - ok

01:58:24.0084 2004 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

01:58:24.0110 2004 ALG - ok

01:58:24.0111 2004 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

01:58:24.0115 2004 aliide - ok

01:58:24.0241 2004 ALSysIO - ok

01:58:24.0292 2004 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe

01:58:24.0318 2004 AMD External Events Utility - ok

01:58:24.0319 2004 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

01:58:24.0323 2004 amdide - ok

01:58:24.0365 2004 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

01:58:24.0391 2004 AmdK8 - ok

01:58:24.0654 2004 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys

01:58:24.0780 2004 amdkmdag - ok

01:58:24.0881 2004 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys

01:58:24.0914 2004 amdkmdap - ok

01:58:24.0946 2004 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

01:58:24.0972 2004 AmdPPM - ok

01:58:25.0011 2004 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys

01:58:25.0015 2004 amdsata - ok

01:58:25.0032 2004 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

01:58:25.0037 2004 amdsbs - ok

01:58:25.0050 2004 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys

01:58:25.0054 2004 amdxata - ok

01:58:25.0078 2004 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

01:58:25.0175 2004 AppID - ok

01:58:25.0202 2004 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

01:58:25.0232 2004 AppIDSvc - ok

01:58:25.0246 2004 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

01:58:25.0278 2004 Appinfo - ok

01:58:25.0351 2004 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

01:58:25.0362 2004 Apple Mobile Device - ok

01:58:25.0388 2004 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

01:58:25.0408 2004 AppMgmt - ok

01:58:25.0448 2004 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

01:58:25.0453 2004 arc - ok

01:58:25.0461 2004 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

01:58:25.0465 2004 arcsas - ok

01:58:25.0548 2004 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

01:58:25.0551 2004 aspnet_state - ok

01:58:25.0565 2004 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

01:58:25.0600 2004 AsyncMac - ok

01:58:25.0617 2004 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

01:58:25.0621 2004 atapi - ok

01:58:25.0657 2004 AthBTPort (aaae03f8eda817ec28c5445193ea8bf3) C:\Windows\system32\DRIVERS\btath_flt.sys

01:58:25.0659 2004 AthBTPort - ok

01:58:25.0687 2004 ATHDFU (4ecc791539f23982411864037d1ac8fc) C:\Windows\system32\Drivers\AthDfu.sys

01:58:25.0742 2004 ATHDFU - ok

01:58:25.0793 2004 AtherosSvc (c34b28d6285ead94b3a2faba84e90da5) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

01:58:25.0795 2004 AtherosSvc - ok

01:58:25.0846 2004 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys

01:58:25.0849 2004 AtiHDAudioService - ok

01:58:25.0869 2004 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

01:58:25.0904 2004 AudioEndpointBuilder - ok

01:58:25.0907 2004 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

01:58:25.0924 2004 AudioSrv - ok

01:58:25.0954 2004 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

01:58:25.0982 2004 AxInstSV - ok

01:58:26.0018 2004 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

01:58:26.0042 2004 b06bdrv - ok

01:58:26.0072 2004 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

01:58:26.0099 2004 b57nd60a - ok

01:58:26.0126 2004 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

01:58:26.0148 2004 BDESVC - ok

01:58:26.0168 2004 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

01:58:26.0211 2004 Beep - ok

01:58:26.0239 2004 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

01:58:26.0257 2004 blbdrive - ok

01:58:26.0345 2004 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

01:58:26.0351 2004 Bonjour Service - ok

01:58:26.0367 2004 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

01:58:26.0409 2004 bowser - ok

01:58:26.0420 2004 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

01:58:26.0438 2004 BrFiltLo - ok

01:58:26.0454 2004 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

01:58:26.0459 2004 BrFiltUp - ok

01:58:26.0481 2004 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

01:58:26.0513 2004 Browser - ok

01:58:26.0539 2004 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

01:58:26.0560 2004 Brserid - ok

01:58:26.0575 2004 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

01:58:26.0595 2004 BrSerWdm - ok

01:58:26.0596 2004 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

01:58:26.0606 2004 BrUsbMdm - ok

01:58:26.0623 2004 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

01:58:26.0639 2004 BrUsbSer - ok

01:58:26.0653 2004 BT - ok

01:58:26.0697 2004 BTATH_A2DP (3b1b573371b206d1d5f25e0ef5fcd6d6) C:\Windows\system32\drivers\btath_a2dp.sys

01:58:26.0701 2004 BTATH_A2DP - ok

01:58:26.0729 2004 BTATH_BUS (2d0446336d9db55a742b999ec16adf15) C:\Windows\system32\DRIVERS\btath_bus.sys

01:58:26.0732 2004 BTATH_BUS - ok

01:58:26.0746 2004 BTATH_HCRP (9a9694bbeb2849eaf95dffcae5df02ad) C:\Windows\system32\DRIVERS\btath_hcrp.sys

01:58:26.0749 2004 BTATH_HCRP - ok

01:58:26.0762 2004 BTATH_LWFLT (fc0a8075ddf2e9c66267aec91e0676f9) C:\Windows\system32\DRIVERS\btath_lwflt.sys

01:58:26.0764 2004 BTATH_LWFLT - ok

01:58:26.0776 2004 BTATH_RCP (5eb4815cbddba4541f2380dae6e269ab) C:\Windows\system32\DRIVERS\btath_rcp.sys

01:58:26.0779 2004 BTATH_RCP - ok

01:58:26.0781 2004 BTCOM - ok

01:58:26.0788 2004 BTCOMBUS - ok

01:58:26.0807 2004 BtFilter (0ecede7b33cfd9a52a61220abbd09a50) C:\Windows\system32\DRIVERS\btfilter.sys

01:58:26.0812 2004 BtFilter - ok

01:58:26.0840 2004 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys

01:58:26.0859 2004 BthEnum - ok

01:58:26.0887 2004 BtHidBus (0e7fef42f9e86a41acfc41eaebda65f4) C:\Windows\system32\Drivers\BtHidBus.sys

01:58:26.0889 2004 BtHidBus - ok

01:58:26.0895 2004 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

01:58:26.0915 2004 BTHMODEM - ok

01:58:26.0939 2004 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

01:58:26.0964 2004 BthPan - ok

01:58:27.0000 2004 BTHPORT (0d25b6d300ba26a5f2c3b2a8e96b158b) C:\Windows\system32\Drivers\BTHport.sys

01:58:27.0011 2004 BTHPORT - ok

01:58:27.0028 2004 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

01:58:27.0043 2004 bthserv - ok

01:58:27.0074 2004 BTHUSB (1f9912f8ec5bfa53432e71e150636a8a) C:\Windows\system32\Drivers\BTHUSB.sys

01:58:27.0098 2004 BTHUSB - ok

01:58:27.0131 2004 btnetBUs (c0d50877bb7ec88a953a2a56cef170fa) C:\Windows\system32\Drivers\btnetBus.sys

01:58:27.0134 2004 btnetBUs - ok

01:58:27.0160 2004 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

01:58:27.0192 2004 cdfs - ok

01:58:27.0227 2004 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

01:58:27.0248 2004 cdrom - ok

01:58:27.0288 2004 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

01:58:27.0325 2004 CertPropSvc - ok

01:58:27.0350 2004 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

01:58:27.0356 2004 circlass - ok

01:58:27.0376 2004 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

01:58:27.0383 2004 CLFS - ok

01:58:27.0434 2004 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

01:58:27.0439 2004 clr_optimization_v2.0.50727_32 - ok

01:58:27.0473 2004 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

01:58:27.0477 2004 clr_optimization_v2.0.50727_64 - ok

01:58:27.0524 2004 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

01:58:27.0540 2004 clr_optimization_v4.0.30319_32 - ok

01:58:27.0571 2004 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

01:58:27.0575 2004 clr_optimization_v4.0.30319_64 - ok

01:58:27.0615 2004 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

01:58:27.0637 2004 CmBatt - ok

01:58:27.0658 2004 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

01:58:27.0661 2004 cmdide - ok

01:58:27.0760 2004 cmudaxp (0367f029425cbd5506e8db2757ff3a8f) C:\Windows\system32\drivers\cmudaxp.sys

01:58:27.0788 2004 cmudaxp - ok

01:58:27.0853 2004 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

01:58:27.0880 2004 CNG - ok

01:58:27.0893 2004 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

01:58:27.0896 2004 Compbatt - ok

01:58:27.0907 2004 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

01:58:27.0926 2004 CompositeBus - ok

01:58:27.0940 2004 COMSysApp - ok

01:58:28.0029 2004 cpuz135 - ok

01:58:28.0036 2004 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

01:58:28.0039 2004 crcdisk - ok

01:58:28.0070 2004 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

01:58:28.0105 2004 CryptSvc - ok

01:58:28.0142 2004 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

01:58:28.0185 2004 CSC - ok

01:58:28.0207 2004 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

01:58:28.0236 2004 CscService - ok

01:58:28.0475 2004 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) d:\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe

01:58:28.0478 2004 DAUpdaterSvc - ok

01:58:28.0533 2004 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys

01:58:28.0536 2004 dc3d - ok

01:58:28.0566 2004 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

01:58:28.0600 2004 DcomLaunch - ok

01:58:28.0636 2004 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

01:58:28.0654 2004 defragsvc - ok

01:58:28.0674 2004 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

01:58:28.0701 2004 DfsC - ok

01:58:28.0730 2004 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

01:58:28.0764 2004 Dhcp - ok

01:58:28.0785 2004 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

01:58:28.0818 2004 discache - ok

01:58:28.0868 2004 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

01:58:28.0872 2004 Disk - ok

01:58:28.0894 2004 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys

01:58:28.0912 2004 dmvsc - ok

01:58:28.0944 2004 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

01:58:28.0950 2004 Dnscache - ok

01:58:28.0968 2004 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

01:58:28.0998 2004 dot3svc - ok

01:58:29.0023 2004 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

01:58:29.0056 2004 DPS - ok

01:58:29.0095 2004 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

01:58:29.0112 2004 drmkaud - ok

01:58:29.0170 2004 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

01:58:29.0175 2004 dtsoftbus01 - ok

01:58:29.0208 2004 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

01:58:29.0218 2004 DXGKrnl - ok

01:58:29.0252 2004 e1cexpress (6bafd9819d9fec2edbaebc8493c711a4) C:\Windows\system32\DRIVERS\e1c62x64.sys

01:58:29.0256 2004 e1cexpress - ok

01:58:29.0278 2004 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys

01:58:29.0300 2004 E1G60 - ok

01:58:29.0329 2004 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

01:58:29.0362 2004 EapHost - ok

01:58:29.0442 2004 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

01:58:29.0475 2004 ebdrv - ok

01:58:29.0542 2004 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe

01:58:29.0547 2004 EFS - ok

01:58:29.0595 2004 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

01:58:29.0623 2004 ehRecvr - ok

01:58:29.0642 2004 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

01:58:29.0647 2004 ehSched - ok

01:58:29.0686 2004 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

01:58:29.0696 2004 elxstor - ok

01:58:29.0703 2004 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

01:58:29.0726 2004 ErrDev - ok

01:58:29.0769 2004 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

01:58:29.0803 2004 EventSystem - ok

01:58:29.0821 2004 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

01:58:29.0837 2004 exfat - ok

01:58:29.0849 2004 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

01:58:29.0882 2004 fastfat - ok

01:58:29.0937 2004 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

01:58:29.0965 2004 Fax - ok

01:58:29.0986 2004 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

01:58:30.0007 2004 fdc - ok

01:58:30.0025 2004 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

01:58:30.0053 2004 fdPHost - ok

01:58:30.0073 2004 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

01:58:30.0108 2004 FDResPub - ok

01:58:30.0126 2004 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

01:58:30.0129 2004 FileInfo - ok

01:58:30.0139 2004 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

01:58:30.0173 2004 Filetrace - ok

01:58:30.0189 2004 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

01:58:30.0193 2004 flpydisk - ok

01:58:30.0209 2004 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

01:58:30.0215 2004 FltMgr - ok

01:58:30.0248 2004 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

01:58:30.0282 2004 FontCache - ok

01:58:30.0360 2004 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

01:58:30.0363 2004 FontCache3.0.0.0 - ok

01:58:30.0396 2004 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

01:58:30.0399 2004 FsDepends - ok

01:58:30.0412 2004 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

01:58:30.0415 2004 Fs_Rec - ok

01:58:30.0427 2004 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

01:58:30.0434 2004 fvevol - ok

01:58:30.0449 2004 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

01:58:30.0453 2004 gagp30kx - ok

01:58:30.0493 2004 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

01:58:30.0496 2004 GEARAspiWDM - ok

01:58:30.0529 2004 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

01:58:30.0550 2004 gpsvc - ok

01:58:30.0649 2004 GS In-Game Service (f2de79ec8a151bcf433be1047f08b9cc) C:\Program Files (x86)\GameTracker\GSInGameService.exe

01:58:30.0671 2004 GS In-Game Service - ok

01:58:30.0737 2004 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

01:58:30.0741 2004 gupdate - ok

01:58:30.0742 2004 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

01:58:30.0745 2004 gupdatem - ok

01:58:30.0812 2004 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

01:58:30.0830 2004 hcw85cir - ok

01:58:30.0865 2004 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

01:58:30.0893 2004 HdAudAddService - ok

01:58:30.0925 2004 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

01:58:30.0949 2004 HDAudBus - ok

01:58:30.0971 2004 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

01:58:30.0989 2004 HidBatt - ok

01:58:31.0040 2004 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

01:58:31.0061 2004 HidBth - ok

01:58:31.0078 2004 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

01:58:31.0084 2004 HidIr - ok

01:58:31.0096 2004 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

01:58:31.0127 2004 hidserv - ok

01:58:31.0155 2004 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

01:58:31.0159 2004 HidUsb - ok

01:58:31.0232 2004 HiPatchService (d61f8e72032bdc43157f2b8aea32b529) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

01:58:31.0249 2004 HiPatchService ( UnsignedFile.Multi.Generic ) - warning

01:58:31.0249 2004 HiPatchService - detected UnsignedFile.Multi.Generic (1)

01:58:31.0272 2004 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

01:58:31.0305 2004 hkmsvc - ok

01:58:31.0326 2004 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

01:58:31.0333 2004 HomeGroupListener - ok

01:58:31.0355 2004 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

01:58:31.0380 2004 HomeGroupProvider - ok

01:58:31.0400 2004 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

01:58:31.0404 2004 HpSAMD - ok

01:58:31.0433 2004 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

01:58:31.0470 2004 HTTP - ok

01:58:31.0498 2004 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

01:58:31.0501 2004 hwpolicy - ok

01:58:31.0529 2004 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

01:58:31.0534 2004 i8042prt - ok

01:58:31.0561 2004 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys

01:58:31.0568 2004 iaStorV - ok

01:58:31.0664 2004 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

01:58:31.0680 2004 IDriverT ( UnsignedFile.Multi.Generic ) - warning

01:58:31.0680 2004 IDriverT - detected UnsignedFile.Multi.Generic (1)

01:58:31.0754 2004 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

01:58:31.0766 2004 idsvc - ok

01:58:31.0823 2004 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

01:58:31.0827 2004 iirsp - ok

01:58:31.0879 2004 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

01:58:31.0916 2004 IKEEXT - ok

01:58:31.0939 2004 IntcAzAudAddService - ok

01:58:31.0949 2004 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

01:58:31.0952 2004 intelide - ok

01:58:31.0971 2004 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

01:58:31.0993 2004 intelppm - ok

01:58:32.0028 2004 Intel® PROSet Monitoring Service (068ec06f3b6dd7b81b365d8fd2ce27e6) C:\Windows\system32\IProsetMonitor.exe

01:58:32.0032 2004 Intel® PROSet Monitoring Service - ok

01:58:32.0043 2004 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

01:58:32.0078 2004 IPBusEnum - ok

01:58:32.0100 2004 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

01:58:32.0115 2004 IpFilterDriver - ok

01:58:32.0122 2004 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

01:58:32.0141 2004 IPMIDRV - ok

01:58:32.0159 2004 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

01:58:32.0192 2004 IPNAT - ok

01:58:32.0276 2004 iPod Service (d38469601b72d2da4f847fc642174e21) C:\Program Files\iPod\bin\iPodService.exe

01:58:32.0289 2004 iPod Service - ok

01:58:32.0312 2004 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

01:58:32.0318 2004 IRENUM - ok

01:58:32.0331 2004 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

01:58:32.0338 2004 isapnp - ok

01:58:32.0369 2004 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

01:58:32.0376 2004 iScsiPrt - ok

01:58:32.0411 2004 IvtBtBUs (c7b6be6bf2b5766648e232077e86b6a0) C:\Windows\system32\Drivers\IvtBtBus.sys

01:58:32.0414 2004 IvtBtBUs - ok

01:58:32.0434 2004 JRAID (a577f5db30f70eca9708c07c2eacbd9d) C:\Windows\system32\DRIVERS\jraid.sys

01:58:32.0437 2004 JRAID - ok

01:58:32.0460 2004 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

01:58:32.0463 2004 kbdclass - ok

01:58:32.0481 2004 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

01:58:32.0501 2004 kbdhid - ok

01:58:32.0539 2004 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

01:58:32.0544 2004 KeyIso - ok

01:58:32.0551 2004 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

01:58:32.0555 2004 KSecDD - ok

01:58:32.0562 2004 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

01:58:32.0567 2004 KSecPkg - ok

01:58:32.0576 2004 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

01:58:32.0608 2004 ksthunk - ok

01:58:32.0642 2004 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

01:58:32.0672 2004 KtmRm - ok

01:58:32.0706 2004 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

01:58:32.0737 2004 LanmanServer - ok

01:58:32.0770 2004 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

01:58:32.0786 2004 LanmanWorkstation - ok

01:58:32.0817 2004 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

01:58:32.0845 2004 lltdio - ok

01:58:32.0880 2004 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

01:58:32.0911 2004 lltdsvc - ok

01:58:32.0933 2004 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

01:58:32.0948 2004 lmhosts - ok

01:58:32.0973 2004 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

01:58:32.0977 2004 LSI_FC - ok

01:58:32.0988 2004 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

01:58:32.0992 2004 LSI_SAS - ok

01:58:33.0000 2004 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

01:58:33.0004 2004 LSI_SAS2 - ok

01:58:33.0020 2004 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

01:58:33.0024 2004 LSI_SCSI - ok

01:58:33.0039 2004 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

01:58:33.0073 2004 luafv - ok

01:58:33.0094 2004 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

01:58:33.0099 2004 Mcx2Svc - ok

01:58:33.0109 2004 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

01:58:33.0112 2004 megasas - ok

01:58:33.0133 2004 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

01:58:33.0139 2004 MegaSR - ok

01:58:33.0171 2004 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

01:58:33.0173 2004 MEIx64 - ok

01:58:33.0183 2004 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

01:58:33.0212 2004 MMCSS - ok

01:58:33.0229 2004 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

01:58:33.0258 2004 Modem - ok

01:58:33.0285 2004 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

01:58:33.0302 2004 monitor - ok

01:58:33.0323 2004 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

01:58:33.0327 2004 mouclass - ok

01:58:33.0341 2004 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

01:58:33.0359 2004 mouhid - ok

01:58:33.0381 2004 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

01:58:33.0385 2004 mountmgr - ok

01:58:33.0484 2004 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

01:58:33.0488 2004 MozillaMaintenance - ok

01:58:33.0532 2004 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

01:58:33.0537 2004 MpFilter - ok

01:58:33.0552 2004 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

01:58:33.0557 2004 mpio - ok

01:58:33.0573 2004 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

01:58:33.0589 2004 mpsdrv - ok

01:58:33.0606 2004 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

01:58:33.0631 2004 MRxDAV - ok

01:58:33.0659 2004 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

01:58:33.0696 2004 mrxsmb - ok

01:58:33.0712 2004 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys

01:58:33.0719 2004 mrxsmb10 - ok

01:58:33.0732 2004 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

01:58:33.0737 2004 mrxsmb20 - ok

01:58:33.0748 2004 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

01:58:33.0751 2004 msahci - ok

01:58:33.0763 2004 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

01:58:33.0768 2004 msdsm - ok

01:58:33.0790 2004 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

01:58:33.0796 2004 MSDTC - ok

01:58:33.0808 2004 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

01:58:33.0823 2004 Msfs - ok

01:58:33.0826 2004 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

01:58:33.0841 2004 mshidkmdf - ok

01:58:33.0843 2004 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

01:58:33.0846 2004 msisadrv - ok

01:58:33.0877 2004 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

01:58:33.0909 2004 MSiSCSI - ok

01:58:33.0910 2004 msiserver - ok

01:58:33.0927 2004 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

01:58:33.0962 2004 MSKSSRV - ok

01:58:33.0980 2004 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

01:58:34.0012 2004 MSPCLOCK - ok

01:58:34.0027 2004 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

01:58:34.0055 2004 MSPQM - ok

01:58:34.0103 2004 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

01:58:34.0110 2004 MsRPC - ok

01:58:34.0123 2004 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

01:58:34.0126 2004 mssmbios - ok

01:58:34.0139 2004 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

01:58:34.0168 2004 MSTEE - ok

01:58:34.0184 2004 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

01:58:34.0188 2004 MTConfig - ok

01:58:34.0205 2004 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

01:58:34.0208 2004 Mup - ok

01:58:34.0244 2004 mv91xx (38b4c95e821528fb91df16a78e04450f) C:\Windows\system32\DRIVERS\mv91xx.sys

01:58:34.0250 2004 mv91xx - ok

01:58:34.0281 2004 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

01:58:34.0319 2004 napagent - ok

01:58:34.0364 2004 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

01:58:34.0392 2004 NativeWifiP - ok

01:58:34.0438 2004 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

01:58:34.0451 2004 NDIS - ok

01:58:34.0465 2004 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

01:58:34.0481 2004 NdisCap - ok

01:58:34.0498 2004 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

01:58:34.0514 2004 NdisTapi - ok

01:58:34.0529 2004 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

01:58:34.0544 2004 Ndisuio - ok

01:58:34.0555 2004 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

01:58:34.0583 2004 NdisWan - ok

01:58:34.0604 2004 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

01:58:34.0619 2004 NDProxy - ok

01:58:34.0623 2004 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

01:58:34.0651 2004 NetBIOS - ok

01:58:34.0677 2004 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

01:58:34.0694 2004 NetBT - ok

01:58:34.0702 2004 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

01:58:34.0706 2004 Netlogon - ok

01:58:34.0727 2004 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

01:58:34.0763 2004 Netman - ok

01:58:34.0856 2004 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

01:58:34.0860 2004 NetMsmqActivator - ok

01:58:34.0871 2004 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

01:58:34.0874 2004 NetPipeActivator - ok

01:58:34.0897 2004 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

01:58:34.0934 2004 netprofm - ok

01:58:34.0936 2004 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

01:58:34.0939 2004 NetTcpActivator - ok

01:58:34.0940 2004 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

01:58:34.0943 2004 NetTcpPortSharing - ok

01:58:34.0984 2004 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

01:58:34.0988 2004 nfrd960 - ok

01:58:35.0019 2004 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

01:58:35.0023 2004 NisDrv - ok

01:58:35.0083 2004 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

01:58:35.0090 2004 NisSrv - ok

01:58:35.0114 2004 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

01:58:35.0151 2004 NlaSvc - ok

01:58:35.0191 2004 nmwcd (5fe6f8c05f0769bbb74afac11453b182) C:\Windows\system32\drivers\ccdcmbx64.sys

01:58:35.0216 2004 nmwcd - ok

01:58:35.0251 2004 nmwcdc (73c929945c0850b8d1fe2fea05fdf05d) C:\Windows\system32\drivers\ccdcmbox64.sys

01:58:35.0262 2004 nmwcdc - ok

01:58:35.0298 2004 nmwcdnsucx64 (697ca586209e022d15dd0c838b235d6a) C:\Windows\system32\drivers\nmwcdnsucx64.sys

01:58:35.0309 2004 nmwcdnsucx64 - ok

01:58:35.0330 2004 nmwcdnsux64 (292ddf13f91f2cb2482b57aacd6aeb9b) C:\Windows\system32\drivers\nmwcdnsux64.sys

01:58:35.0359 2004 nmwcdnsux64 - ok

01:58:35.0379 2004 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

01:58:35.0394 2004 Npfs - ok

01:58:35.0420 2004 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

01:58:35.0449 2004 nsi - ok

01:58:35.0470 2004 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

01:58:35.0504 2004 nsiproxy - ok

01:58:35.0559 2004 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys

01:58:35.0580 2004 Ntfs - ok

01:58:35.0625 2004 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

01:58:35.0640 2004 Null - ok

01:58:35.0667 2004 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys

01:58:35.0672 2004 nvraid - ok

01:58:35.0685 2004 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys

01:58:35.0690 2004 nvstor - ok

01:58:35.0700 2004 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

01:58:35.0704 2004 nv_agp - ok

01:58:35.0720 2004 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

01:58:35.0738 2004 ohci1394 - ok

01:58:35.0773 2004 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

01:58:35.0796 2004 p2pimsvc - ok

01:58:35.0822 2004 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

01:58:35.0831 2004 p2psvc - ok

01:58:35.0855 2004 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

01:58:35.0860 2004 Parport - ok

01:58:35.0872 2004 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

01:58:35.0876 2004 partmgr - ok

01:58:35.0886 2004 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

01:58:35.0913 2004 PcaSvc - ok

01:58:35.0960 2004 pccsmcfd (3fde033dfb0d07f8b7d5c9a3044aa121) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys

01:58:35.0964 2004 pccsmcfd - ok

01:58:35.0976 2004 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

01:58:35.0980 2004 pci - ok

01:58:35.0982 2004 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

01:58:35.0985 2004 pciide - ok

01:58:35.0998 2004 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

01:58:36.0004 2004 pcmcia - ok

01:58:36.0016 2004 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

01:58:36.0019 2004 pcw - ok

01:58:36.0042 2004 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

01:58:36.0078 2004 PEAUTH - ok

01:58:36.0123 2004 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

01:58:36.0152 2004 PeerDistSvc - ok

01:58:36.0226 2004 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

01:58:36.0251 2004 PerfHost - ok

01:58:36.0349 2004 PinnacleUpdateSvc (0015113a604b94769ab5159e8dcfc6e6) C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe

01:58:36.0373 2004 PinnacleUpdateSvc ( UnsignedFile.Multi.Generic ) - warning

01:58:36.0373 2004 PinnacleUpdateSvc - detected UnsignedFile.Multi.Generic (1)

01:58:36.0450 2004 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

01:58:36.0490 2004 pla - ok

01:58:36.0551 2004 PlugPlay (b806e50427511bcf4ad8e8239c3e25fa) C:\Windows\system32\umpnpmgr.dll

01:58:36.0583 2004 PlugPlay - ok

01:58:36.0616 2004 PnkBstrA - ok

01:58:36.0627 2004 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

01:58:36.0644 2004 PNRPAutoReg - ok

01:58:36.0668 2004 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

01:58:36.0674 2004 PNRPsvc - ok

01:58:36.0720 2004 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys

01:58:36.0722 2004 Point64 - ok

01:58:36.0756 2004 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

01:58:36.0788 2004 PolicyAgent - ok

01:58:36.0814 2004 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

01:58:36.0845 2004 Power - ok

01:58:36.0884 2004 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

01:58:36.0917 2004 PptpMiniport - ok

01:58:36.0933 2004 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

01:58:36.0955 2004 Processor - ok

01:58:36.0990 2004 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

01:58:37.0023 2004 ProfSvc - ok

01:58:37.0043 2004 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

01:58:37.0048 2004 ProtectedStorage - ok

01:58:37.0068 2004 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

01:58:37.0084 2004 Psched - ok

01:58:37.0123 2004 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

01:58:37.0143 2004 ql2300 - ok

01:58:37.0213 2004 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

01:58:37.0218 2004 ql40xx - ok

01:58:37.0244 2004 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

01:58:37.0252 2004 QWAVE - ok

01:58:37.0264 2004 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

01:58:37.0271 2004 QWAVEdrv - ok

01:58:37.0343 2004 RadeonPro Support Service (6c8f17953c07f88364307fc7811c5184) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe

01:58:37.0362 2004 RadeonPro Support Service ( UnsignedFile.Multi.Generic ) - warning

01:58:37.0362 2004 RadeonPro Support Service - detected UnsignedFile.Multi.Generic (1)

01:58:37.0383 2004 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

01:58:37.0415 2004 RasAcd - ok

01:58:37.0438 2004 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

01:58:37.0453 2004 RasAgileVpn - ok

01:58:37.0465 2004 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

01:58:37.0481 2004 RasAuto - ok

01:58:37.0502 2004 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

01:58:37.0532 2004 Rasl2tp - ok

01:58:37.0558 2004 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

01:58:37.0576 2004 RasMan - ok

01:58:37.0584 2004 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

01:58:37.0612 2004 RasPppoe - ok

01:58:37.0634 2004 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

01:58:37.0663 2004 RasSstp - ok

01:58:37.0692 2004 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

01:58:37.0709 2004 rdbss - ok

01:58:37.0711 2004 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

01:58:37.0731 2004 rdpbus - ok

01:58:37.0747 2004 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

01:58:37.0762 2004 RDPCDD - ok

01:58:37.0779 2004 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

01:58:37.0784 2004 RDPDR - ok

01:58:37.0804 2004 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

01:58:37.0833 2004 RDPENCDD - ok

01:58:37.0848 2004 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

01:58:37.0862 2004 RDPREFMP - ok

01:58:37.0875 2004 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

01:58:37.0898 2004 RdpVideoMiniport - ok

01:58:37.0920 2004 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

01:58:37.0937 2004 RDPWD - ok

01:58:37.0956 2004 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

01:58:37.0962 2004 rdyboost - ok

01:58:37.0993 2004 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

01:58:38.0021 2004 RemoteAccess - ok

01:58:38.0050 2004 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

01:58:38.0081 2004 RemoteRegistry - ok

01:58:38.0136 2004 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

01:58:38.0159 2004 RFCOMM - ok

01:58:38.0179 2004 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

01:58:38.0213 2004 RpcEptMapper - ok

01:58:38.0235 2004 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

01:58:38.0257 2004 RpcLocator - ok

01:58:38.0295 2004 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

01:58:38.0312 2004 RpcSs - ok

01:58:38.0326 2004 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

01:58:38.0342 2004 rspndr - ok

01:58:38.0355 2004 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

01:58:38.0371 2004 s3cap - ok

01:58:38.0393 2004 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

01:58:38.0398 2004 SamSs - ok

01:58:38.0411 2004 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

01:58:38.0415 2004 sbp2port - ok

01:58:38.0435 2004 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

01:58:38.0452 2004 SCardSvr - ok

01:58:38.0464 2004 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

01:58:38.0498 2004 scfilter - ok

01:58:38.0538 2004 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

01:58:38.0574 2004 Schedule - ok

01:58:38.0606 2004 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

01:58:38.0621 2004 SCPolicySvc - ok

01:58:38.0642 2004 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

01:58:38.0648 2004 SDRSVC - ok

01:58:38.0675 2004 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

01:58:38.0705 2004 secdrv - ok

01:58:38.0726 2004 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

01:58:38.0741 2004 seclogon - ok

01:58:38.0748 2004 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

01:58:38.0778 2004 SENS - ok

01:58:38.0796 2004 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

01:58:38.0819 2004 SensrSvc - ok

01:58:38.0839 2004 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

01:58:38.0861 2004 Serenum - ok

01:58:38.0877 2004 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

01:58:38.0900 2004 Serial - ok

01:58:38.0921 2004 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

01:58:38.0942 2004 sermouse - ok

01:58:39.0036 2004 ServiceLayer (c3bb6cf8f9ee199005a2aae2815ad756) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

01:58:39.0047 2004 ServiceLayer - ok

01:58:39.0059 2004 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

01:58:39.0091 2004 SessionEnv - ok

01:58:39.0111 2004 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

01:58:39.0117 2004 sffdisk - ok

01:58:39.0121 2004 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

01:58:39.0144 2004 sffp_mmc - ok

01:58:39.0158 2004 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

01:58:39.0182 2004 sffp_sd - ok

01:58:39.0201 2004 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

01:58:39.0206 2004 sfloppy - ok

01:58:39.0240 2004 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

01:58:39.0258 2004 ShellHWDetection - ok

01:58:39.0271 2004 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

01:58:39.0275 2004 SiSRaid2 - ok

01:58:39.0286 2004 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

01:58:39.0290 2004 SiSRaid4 - ok

01:58:39.0450 2004 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

01:58:39.0486 2004 Skype C2C Service - ok

01:58:39.0542 2004 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe

01:58:39.0546 2004 SkypeUpdate - ok

01:58:39.0634 2004 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

01:58:39.0663 2004 Smb - ok

01:58:39.0690 2004 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

01:58:39.0712 2004 SNMPTRAP - ok

01:58:39.0729 2004 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

01:58:39.0732 2004 spldr - ok

01:58:39.0769 2004 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

01:58:39.0789 2004 Spooler - ok

01:58:39.0865 2004 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

01:58:39.0928 2004 sppsvc - ok

01:58:39.0964 2004 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

01:58:39.0980 2004 sppuinotify - ok

01:58:40.0003 2004 sptd - ok

01:58:40.0028 2004 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

01:58:40.0062 2004 srv - ok

01:58:40.0080 2004 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

01:58:40.0105 2004 srv2 - ok

01:58:40.0129 2004 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

01:58:40.0134 2004 srvnet - ok

01:58:40.0159 2004 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

01:58:40.0176 2004 SSDPSRV - ok

01:58:40.0187 2004 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

01:58:40.0203 2004 SstpSvc - ok

01:58:40.0241 2004 Steam Client Service - ok

01:58:40.0259 2004 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

01:58:40.0263 2004 stexstor - ok

01:58:40.0309 2004 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

01:58:40.0321 2004 stisvc - ok

01:58:40.0340 2004 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

01:58:40.0344 2004 storflt - ok

01:58:40.0350 2004 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

01:58:40.0355 2004 StorSvc - ok

01:58:40.0375 2004 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

01:58:40.0379 2004 storvsc - ok

01:58:40.0397 2004 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

01:58:40.0401 2004 swenum - ok

01:58:40.0484 2004 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

01:58:40.0518 2004 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

01:58:40.0518 2004 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

01:58:40.0547 2004 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

01:58:40.0586 2004 swprv - ok

01:58:40.0609 2004 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\Synth3dVsc.sys

01:58:40.0613 2004 Synth3dVsc - ok

01:58:40.0656 2004 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

01:58:40.0694 2004 SysMain - ok

01:58:40.0777 2004 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

01:58:40.0798 2004 TabletInputService - ok

01:58:40.0848 2004 tap0901t (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys

01:58:40.0883 2004 tap0901t - ok

01:58:40.0931 2004 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

01:58:40.0966 2004 TapiSrv - ok

01:58:40.0970 2004 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

01:58:40.0985 2004 TBS - ok

01:58:41.0037 2004 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys

01:58:41.0061 2004 Tcpip - ok

01:58:41.0121 2004 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys

01:58:41.0138 2004 TCPIP6 - ok

01:58:41.0592 2004 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

01:58:41.0626 2004 tcpipreg - ok

01:58:41.0649 2004 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

01:58:41.0681 2004 TDPIPE - ok

01:58:41.0702 2004 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

01:58:41.0740 2004 TDTCP - ok

01:58:41.0759 2004 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

01:58:41.0775 2004 tdx - ok

01:58:41.0784 2004 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

01:58:41.0788 2004 TermDD - ok

01:58:41.0814 2004 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys

01:58:41.0830 2004 terminpt - ok

01:58:41.0867 2004 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

01:58:41.0905 2004 TermService - ok

01:58:41.0925 2004 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

01:58:41.0932 2004 Themes - ok

01:58:41.0951 2004 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

01:58:41.0967 2004 THREADORDER - ok

01:58:42.0073 2004 TRIXX - ok

01:58:42.0455 2004 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

01:58:42.0500 2004 TrkWks - ok

01:58:42.0531 2004 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

01:58:42.0562 2004 TrustedInstaller - ok

01:58:42.0631 2004 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

01:58:42.0662 2004 tssecsrv - ok

01:58:42.0683 2004 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

01:58:42.0688 2004 TsUsbFlt - ok

01:58:42.0698 2004 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

01:58:42.0716 2004 TsUsbGD - ok

01:58:42.0739 2004 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys

01:58:42.0744 2004 tsusbhub - ok

01:58:42.0770 2004 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

01:58:42.0802 2004 tunnel - ok

01:58:43.0956 2004 TunngleService (c114a8d9a3ec5fef60b34ec015828752) C:\Program Files (x86)\Tunngle\TnglCtrl.exe

01:58:43.0974 2004 TunngleService - ok

01:58:43.0992 2004 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

01:58:43.0996 2004 uagp35 - ok

01:58:44.0014 2004 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

01:58:44.0045 2004 udfs - ok

01:58:44.0081 2004 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

01:58:44.0087 2004 UI0Detect - ok

01:58:44.0102 2004 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

01:58:44.0106 2004 uliagpkx - ok

01:58:44.0121 2004 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

01:58:44.0138 2004 umbus - ok

01:58:44.0157 2004 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

01:58:44.0173 2004 UmPass - ok

01:58:44.0196 2004 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

01:58:44.0218 2004 UmRdpService - ok

01:58:44.0243 2004 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

01:58:44.0277 2004 upnphost - ok

01:58:44.0338 2004 upperdev (34afb83c7bba370e404e52cc2290350c) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys

01:58:44.0364 2004 upperdev - ok

01:58:44.0406 2004 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

01:58:44.0425 2004 USBAAPL64 - ok

01:58:44.0444 2004 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys

01:58:44.0449 2004 usbccgp - ok

01:58:44.0468 2004 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

01:58:44.0474 2004 usbcir - ok

01:58:44.0485 2004 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys

01:58:44.0509 2004 usbehci - ok

01:58:44.0543 2004 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys

01:58:44.0570 2004 usbhub - ok

01:58:44.0588 2004 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys

01:58:44.0593 2004 usbohci - ok

01:58:44.0603 2004 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

01:58:44.0626 2004 usbprint - ok

01:58:44.0655 2004 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

01:58:44.0661 2004 usbscan - ok

01:58:44.0690 2004 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys

01:58:44.0714 2004 usbser - ok

01:58:44.0736 2004 UsbserFilt (aa75e1efbee7186b4cbaaacf1f15e6ca) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys

01:58:44.0766 2004 UsbserFilt - ok

01:58:44.0790 2004 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS

01:58:44.0795 2004 USBSTOR - ok

01:58:44.0812 2004 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys

01:58:44.0817 2004 usbuhci - ok

01:58:44.0833 2004 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

01:58:44.0866 2004 UxSms - ok

01:58:44.0900 2004 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

01:58:44.0905 2004 VaultSvc - ok

01:58:44.0955 2004 VBoxNetAdp (9e607f6240eadc4c0b3570f3e5e0358c) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys

01:58:44.0959 2004 VBoxNetAdp - ok

01:58:44.0966 2004 VBoxNetFlt - ok

01:58:44.0976 2004 VComm - ok

01:58:44.0983 2004 VcommMgr - ok

01:58:44.0999 2004 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

01:58:45.0002 2004 vdrvroot - ok

01:58:45.0027 2004 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

01:58:45.0047 2004 vds - ok

01:58:45.0056 2004 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

01:58:45.0062 2004 vga - ok

01:58:45.0069 2004 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

01:58:45.0103 2004 VgaSave - ok

01:58:45.0105 2004 VGPU - ok

01:58:45.0124 2004 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

01:58:45.0130 2004 vhdmp - ok

01:58:45.0139 2004 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

01:58:45.0143 2004 viaide - ok

01:58:45.0168 2004 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

01:58:45.0173 2004 vmbus - ok

01:58:45.0184 2004 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

01:58:45.0189 2004 VMBusHID - ok

01:58:45.0210 2004 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

01:58:45.0214 2004 volmgr - ok

01:58:45.0235 2004 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

01:58:45.0242 2004 volmgrx - ok

01:58:45.0292 2004 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

01:58:45.0298 2004 volsnap - ok

01:58:45.0314 2004 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

01:58:45.0319 2004 vsmraid - ok

01:58:45.0383 2004 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

01:58:45.0430 2004 VSS - ok

01:58:45.0924 2004 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

01:58:45.0947 2004 vwifibus - ok

01:58:45.0970 2004 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

01:58:45.0989 2004 W32Time - ok

01:58:46.0010 2004 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

01:58:46.0032 2004 WacomPen - ok

01:58:46.0067 2004 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

01:58:46.0100 2004 WANARP - ok

01:58:46.0101 2004 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

01:58:46.0116 2004 Wanarpv6 - ok

01:58:46.0163 2004 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

01:58:46.0197 2004 wbengine - ok

01:58:46.0277 2004 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

01:58:46.0286 2004 WbioSrvc - ok

01:58:46.0304 2004 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

01:58:46.0330 2004 wcncsvc - ok

01:58:46.0348 2004 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

01:58:46.0352 2004 WcsPlugInService - ok

01:58:46.0366 2004 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

01:58:46.0370 2004 Wd - ok

01:58:46.0398 2004 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

01:58:46.0408 2004 Wdf01000 - ok

01:58:46.0420 2004 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

01:58:46.0445 2004 WdiServiceHost - ok

01:58:46.0446 2004 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

01:58:46.0453 2004 WdiSystemHost - ok

01:58:46.0490 2004 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

01:58:46.0517 2004 WebClient - ok

01:58:46.0545 2004 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

01:58:46.0575 2004 Wecsvc - ok

01:58:46.0594 2004 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

01:58:46.0622 2004 wercplsupport - ok

01:58:46.0652 2004 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

01:58:46.0668 2004 WerSvc - ok

01:58:46.0676 2004 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

01:58:46.0691 2004 WfpLwf - ok

01:58:46.0698 2004 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

01:58:46.0701 2004 WIMMount - ok

01:58:46.0703 2004 WinHttpAutoProxySvc - ok

01:58:46.0753 2004 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

01:58:46.0771 2004 Winmgmt - ok

01:58:47.0776 2004 WinRing0_1_2_0 - ok

01:58:50.0937 2004 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

01:58:50.0979 2004 WinRM - ok

01:58:51.0208 2004 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

01:58:51.0228 2004 WinUsb - ok

01:58:51.0273 2004 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

01:58:51.0303 2004 Wlansvc - ok

01:58:51.0937 2004 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

01:58:51.0971 2004 wlidsvc - ok

01:58:52.0131 2004 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

01:58:52.0171 2004 WmiAcpi - ok

01:58:52.0765 2004 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

01:58:52.0799 2004 wmiApSrv - ok

01:58:52.0825 2004 WMPNetworkSvc - ok

01:58:52.0864 2004 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

01:58:52.0869 2004 WPCSvc - ok

01:58:52.0881 2004 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

01:58:52.0887 2004 WPDBusEnum - ok

01:58:52.0897 2004 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

01:58:52.0912 2004 ws2ifsl - ok

01:58:52.0913 2004 WSearch - ok

01:58:52.0928 2004 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

01:58:52.0962 2004 WudfPf - ok

01:58:52.0994 2004 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

01:58:53.0010 2004 WUDFRd - ok

01:58:53.0025 2004 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

01:58:53.0041 2004 wudfsvc - ok

01:58:53.0058 2004 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

01:58:53.0095 2004 WwanSvc - ok

01:58:53.0156 2004 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys

01:58:53.0168 2004 xnacc - ok

01:58:53.0217 2004 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

01:58:54.0833 2004 \Device\Harddisk0\DR0 - ok

01:58:54.0834 2004 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

01:58:54.0876 2004 \Device\Harddisk1\DR1 - ok

01:58:54.0878 2004 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2

01:58:58.0230 2004 \Device\Harddisk2\DR2 - ok

01:58:58.0241 2004 Boot (0x1200) (a16449b608edc58df0fd41635711315f) \Device\Harddisk0\DR0\Partition0

01:58:58.0277 2004 \Device\Harddisk0\DR0\Partition0 - ok

01:58:58.0289 2004 Boot (0x1200) (ee623c67f92c0e583ce7bdb9b037c945) \Device\Harddisk0\DR0\Partition1

01:58:58.0302 2004 \Device\Harddisk0\DR0\Partition1 - ok

01:58:58.0303 2004 Boot (0x1200) (5f1c47cf0bf1dfe8d7bfa3133f74475a) \Device\Harddisk1\DR1\Partition0

01:58:58.0303 2004 \Device\Harddisk1\DR1\Partition0 - ok

01:58:58.0305 2004 Boot (0x1200) (6a763a26b81b78eae4549cd90e87ba8f) \Device\Harddisk2\DR2\Partition0

01:58:58.0306 2004 \Device\Harddisk2\DR2\Partition0 - ok

01:58:58.0306 2004 ============================================================

01:58:58.0306 2004 Scan finished

01:58:58.0306 2004 ============================================================

01:58:58.0310 2732 Detected object count: 5

01:58:58.0310 2732 Actual detected object count: 5

02:00:12.0542 2732 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user

02:00:12.0542 2732 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:00:12.0543 2732 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

02:00:12.0543 2732 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:00:12.0543 2732 PinnacleUpdateSvc ( UnsignedFile.Multi.Generic ) - skipped by user

02:00:12.0543 2732 PinnacleUpdateSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:00:12.0543 2732 RadeonPro Support Service ( UnsignedFile.Multi.Generic ) - skipped by user

02:00:12.0543 2732 RadeonPro Support Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

02:00:12.0544 2732 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

02:00:12.0544 2732 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip


Those are OK.......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


The ComboFix log is as follows; it detected one threat but claimed to have fixed it:

ComboFix 12-08-13.01 - Mo 14/08/2012 2:20.1.4 - x64

Microsoft Windows 7 Enterprise 6.1.7600.1.1252.44.1033.18.8169.6505 [GMT 1:00]

Running from: c:\users\Mo\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Mo\AppData\Roaming\Microsoft\Windows\Recent\Grand Theft Auto III.url

c:\windows\SysWow64\tmp1463.tmp

c:\windows\SysWow64\tmp1493.tmp

c:\windows\SysWow64\tmp277D.tmp

c:\windows\SysWow64\tmp2849.tmp

c:\windows\SysWow64\tmp5092.tmp

c:\windows\SysWow64\tmp5093.tmp

c:\windows\SysWow64\tmp6779.tmp

c:\windows\SysWow64\tmp677A.tmp

c:\windows\SysWow64\tmp755D.tmp

c:\windows\SysWow64\tmp755E.tmp

c:\windows\SysWow64\tmp8C86.tmp

c:\windows\SysWow64\tmp8CB6.tmp

c:\windows\SysWow64\tmp9BA3.tmp

c:\windows\SysWow64\tmp9BC3.tmp

c:\windows\SysWow64\tmpE9C4.tmp

c:\windows\SysWow64\tmpE9C6.tmp

c:\windows\SysWow64\tmpE9C7.tmp

c:\windows\SysWow64\tmpE9D5.tmp

c:\windows\SysWow64\tmpEC80.tmp

c:\windows\SysWow64\tmpECA0.tmp

c:\windows\SysWow64\tmpFB62.tmp

c:\windows\SysWow64\tmpFB63.tmp

c:\windows\SysWow64\tmpFE8A.tmp

c:\windows\SysWow64\tmpFE9A.tmp

.

Infected copy of c:\windows\System32\winver.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_b627d45ffdcc6f00\winver.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))

.

.

2012-08-14 09:30 . 2012-08-14 09:30 -------- d-----w- C:\FRST

2012-08-13 23:52 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-07 00:28 . 2012-08-07 03:35 -------- d-----w- c:\programdata\MFAData

2012-08-07 00:28 . 2012-08-07 00:28 -------- d--h--w- c:\programdata\Common Files

2012-08-07 00:26 . 2012-08-07 00:26 -------- d-----w- c:\users\Sufiya\AppData\Roaming\Malwarebytes

2012-08-07 00:20 . 2012-08-07 00:20 328704 ----a-w- c:\windows\system32\services.exe.AB232190785A8F2F

2012-08-07 00:17 . 2012-08-07 00:17 328704 ----a-w- c:\windows\system32\services.exe.5D022277278D6DA1

2012-08-07 00:10 . 2012-08-07 00:10 328704 ----a-w- c:\windows\system32\services.exe.BD196A85A2A068E7

2012-08-07 00:09 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C4239B0-2063-4368-9E3D-3D4E35F2B39F}\mpengine.dll

2012-08-07 00:08 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-07 00:08 . 2012-08-07 00:08 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-08-05 17:31 . 2012-08-05 17:31 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-31 15:43 . 2012-07-31 15:43 -------- d-----w- c:\users\Mo\AppData\Roaming\PowerUp Software

2012-07-31 15:43 . 2012-07-31 15:43 -------- d-----w- c:\programdata\PowerUp Software

2012-07-31 15:40 . 2012-07-31 15:40 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll

2012-07-31 15:40 . 2012-07-31 15:40 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll

2012-07-31 15:40 . 2003-09-03 01:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll

2012-07-31 15:40 . 2003-09-03 01:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll

2012-07-31 15:40 . 2003-09-03 01:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll

2012-07-31 15:40 . 2003-09-03 01:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll

2012-07-31 15:40 . 2003-09-03 01:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe

2012-07-29 18:57 . 2012-07-29 18:57 -------- d-----w- c:\users\Sufiya\AppData\Roaming\PC Suite

2012-07-28 23:34 . 2012-07-28 23:34 -------- d-----w- c:\program files (x86)\Microsoft XNA

2012-07-27 14:56 . 2012-07-27 14:56 -------- d-----w- C:\download

2012-07-27 14:52 . 2012-08-13 12:25 -------- d-----w- C:\tempvideo

2012-07-25 14:33 . 2012-07-25 14:33 -------- d-----w- c:\program files (x86)\KONAMI

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-05 17:42 . 2012-05-28 10:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-05 17:42 . 2011-11-25 17:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-13 14:19 . 2011-07-27 15:20 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-07-13 14:19 . 2011-06-21 15:14 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-07-13 14:14 . 2011-06-21 14:42 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-06-11 10:33 . 2012-06-11 10:33 2152176 ----a-w- c:\windows\system32\WUDFUpdate_01009.dll

2012-06-11 10:33 . 2012-06-11 10:33 759296 ----a-w- c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll

2012-06-11 10:33 . 2011-11-29 21:58 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys

2012-05-31 11:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-18 21:59 . 2012-05-18 21:59 119808 ----a-r- c:\users\Mo\AppData\Roaming\Microsoft\Installer\{F92064F6-BDE8-46FC-A19F-4E12D311BE3A}\icons.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

[-] 2010-11-21 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system64\user32.dll

[-] 2010-11-21 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll

.

[7] 2011-04-09 . D60D9BCEAE5870A67E6C167F4681877B . 5562240 . . [6.1.7601.17592] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983\ntoskrnl.exe

[-] 2011-04-09 . 0195BB7C3D3ADA405C52C505BEB85B94 . 5505032 . . [6.1.7600.16385] .. c:\windows\system64\ntoskrnl.exe

[7] 2011-04-09 . 99C2715F138E7ED2F489AB796DD3B53C . 5562240 . . [6.1.7601.21701] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_cae7d4cee3dad1a4\ntoskrnl.exe

[-] 2011-04-09 . 0195BB7C3D3ADA405C52C505BEB85B94 . 5505032 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ntoskrnl.exe

[7] 2010-11-21 . C6CEC3E6CC9842B73501C70AA64C00FE . 5563776 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe

[-] 2011-04-09 . 0195BB7C3D3ADA405C52C505BEB85B94 . 5505032 . . [6.1.7600.16385] .. c:\windows\system32\ntoskrnl.exe

.

[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[-] 2010-11-21 . 0A8910F85D554ADB5C7F5B157FEE8622 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll

.

[7] 2011-04-09 . D60D9BCEAE5870A67E6C167F4681877B . 5562240 . . [6.1.7601.17592] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983\ntoskrnl.exe

[-] 2011-04-09 . 0195BB7C3D3ADA405C52C505BEB85B94 . 5505032 . . [6.1.7600.16385] .. c:\windows\system64\ntoskrnl.exe

[7] 2011-04-09 . 99C2715F138E7ED2F489AB796DD3B53C . 5562240 . . [6.1.7601.21701] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_cae7d4cee3dad1a4\ntoskrnl.exe

[-] 2011-04-09 . 0195BB7C3D3ADA405C52C505BEB85B94 . 5505032 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ntoskrnl.exe

[7] 2010-11-21 . C6CEC3E6CC9842B73501C70AA64C00FE . 5563776 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe

[-] 2011-04-09 . 0195BB7C3D3ADA405C52C505BEB85B94 . 5505032 . . [6.1.7600.16385] .. c:\windows\system32\ntoskrnl.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 ALSysIO;ALSysIO;c:\users\Mo\AppData\Local\Temp\ALSysIO64.sys [x]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]

R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]

R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]

R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 30088]

R3 cpuz135;cpuz135;c:\users\Mo\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [2011-08-11 25832]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 GS In-Game Service;GS In-Game Service;c:\program files (x86)\GameTracker\GSInGameService.exe [2011-04-29 1677096]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 136176]

R3 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]

R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 27016]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2012-01-09 12800]

R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-01-09 171008]

R3 RadeonPro Support Service;RadeonPro Support Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [2011-02-10 12800]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]

R3 TRIXX;TRIXX;c:\users\Mo\AppData\Local\Temp\TRIXX.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]

R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-12-12 751464]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 146736]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Mo\AppData\Local\Temp\Rar$EX31.160\WinRing0x64.sys [x]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2011-07-27 24456]

S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-11-22 303408]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-23 279616]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]

S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 20:32]

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 20:32]

.

2012-08-13 c:\windows\Tasks\ParetoLogic Registration.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://bl151w.blu151.mail.live.com/default.aspx#!/mail/InboxLight.aspx?n=1326901447

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = 71.10.214.28:3128

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

FF - ProfilePath - c:\users\Mo\AppData\Roaming\Mozilla\Firefox\Profiles\f1um2avb.default\

FF - prefs.js: browser.startup.homepage - www.google.com

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

SafeBoot-MsMpSvc

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

AddRemove-Call of Duty: Black Ops_is1 - d:\games\Call of Duty - Black Ops\unins000.exe

AddRemove-Costume Quest © Double Fine Productions_is1 - d:\games\Costume Quest\unins000.exe

AddRemove-Dear Esther_is1 - d:\games\Dear Esther\unins000.exe

AddRemove-Deus Ex Human Revolution - The Missing Link_is1 - d:\games\Deus Ex Human Revolution - The Missing Link\unins000.exe

AddRemove-Deus Ex Human Revolution_is1 - d:\games\Deus Ex Human Revolution\unins000.exe

AddRemove-Driver San Francisco - d:\games\Driver San Francisco\Uninstall\Uninstall.exe

AddRemove-Evochron Mercenary_is1 - d:\games\EvochronMercenary\unins000.exe

AddRemove-Halo - c:\program files (x86)\Microsoft Games\Halo\UNINSTAL.EXE

AddRemove-Halo Trial - d:\games\Halo\UNINSTAL.EXE

AddRemove-Hard Reset_is1 - d:\games\Hard Reset\unins000.exe

AddRemove-Kingdoms of Amalur Reckoning_is1 - d:\games\Kingdoms of Amalur Reckoning\unins000.exe

AddRemove-Mafia II_is1 - d:\games\Mafia II\unins000.exe

AddRemove-Mster - c:\crysis\Mster Config v3.01 Uninstall.exe

AddRemove-Orcs Must Die!_is1 - d:\games\Orcs Must Die!\unins000.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-Race Injection_is1 - d:\games\Race Injection\unins000.exe

AddRemove-Rage_is1 - d:\games\Rage\unins000.exe

AddRemove-Red Faction Armageddon_is1 - d:\games\Red Faction Armageddon\unins000.exe

AddRemove-Saints Row The Third_is1 - d:\games\Saints Row The Third\unins000.exe

AddRemove-Serious Sam HD The First Encounter_is1 - d:\games\Serious Sam HD The First Encounter\unins000.exe

AddRemove-SOL Exodus_is1 - d:\games\SOL Exodus\unins000.exe

AddRemove-Sonic Generations_is1 - d:\games\Sonic Generations\unins000.exe

AddRemove-Sword of the Stars II Lords of Winter_is1 - d:\games\Sword of the Stars II Lords of Winter\unins000.exe

AddRemove-The Darkness II_is1 - d:\games\The Darkness II\unins000.exe

AddRemove-Trine 2_is1 - d:\games\Trine 2\unins000.exe

AddRemove-Two Worlds II - d:\games\Two Worlds II\Uninstall.exe

AddRemove-UBCD4Win_is1 - c:\ubcd4win\unins000.exe

AddRemove-Warhammer 40000 Space Marine_is1 - d:\games\Warhammer 40000 Space Marine\unins000.exe

AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\users\Mo\Desktop\uninstall.exe

AddRemove-{3F5FA47E-B4DE-45B4-85E3-11CD5E4974A3}_is1 - d:\games\Mirrors Edge\unins000.exe

AddRemove-{4F5FA47E-B4DE-45B4-85E3-11CD5E4974A3}_is1 - c:\program files (x86)\Black_Box\DarkSiders\unins000.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4021109057-3015000164-1329464817-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:e6,b8,d9,a8,1b,ec,19,da,ca,62,64,e6,a7,52,f8,f7,fc,ea,c0,0f,cc,7a,6e,

0c,85,50,73,2a,f9,aa,6f,f4,b5,46,4b,01,4b,16,9b,6d,43,7b,aa,ce,29,2f,a0,cb,\

"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f

.

[HKEY_USERS\S-1-5-21-4021109057-3015000164-1329464817-1000\Software\SecuROM\License information*]

"datasecu"=hex:35,61,73,37,fa,6e,af,ab,60,d7,bf,4c,5a,8a,3c,db,c9,dd,88,cf,d8,

2f,77,38,5a,45,96,15,86,55,59,82,3b,b5,62,7f,85,53,74,24,34,96,ca,4c,5e,14,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Completion time: 2012-08-14 02:29:32 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-14 01:29

.

Pre-Run: 530,607,788,032 bytes free

Post-Run: 552,750,084,096 bytes free

.

- - End Of File - - 924AD09A8E998E944C3970112DF47971


Hi! I've run a quick scan and MBAM reports no threats. My Windows firewall has automatically come back on as well, whereas before it was off and I was unable to turn it on, so all good so far. Please let me know if there are any further checks I need to do. Here's the log for the MBAM scan:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.13.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Mo :: MO-PC [administrator]

14/08/2012 02:49:00

mbam-log-2012-08-14 (02-49-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 224189

Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
