Windows defender disabled, google and facebook security revoked

1hyme2 · June 6, 2013

Hello, and thank you in advance for your time. Title tells the shortest version, here's a slightly longer one. My father-in-law gave me an old game of his yesterday, which was apparently attached to his steam account. I attempted to get a key for it, using a keygen that at the time appeared not to work. Then I notice today that facebook, anything google, windows defender, and anything malware removal or just plain search related kicks back revoked security certificate in chrome, or popups in explorer. I fully realize *I* screwed this up, but hopefully I can get help fixing this, and call it a lesson learned? The dds and attach copy pastes follow.

dds :

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2

Run by James at 15:44:05 on 2013-06-06

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8109.5908 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Users\James\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Users\James\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler64.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

C:\Windows\system32\taskhost.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe

C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.msn.com

uDefault_Page_URL = hxxp://www.msn.com

mWinlogon: Userinit = userinit.exe

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [Google Update] "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

uRun: [Amazon Cloud Drive] C:\Users\James\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: mswsock.dll

TCP: NameServer = 8.8.4.4 4.2.2.2

TCP: Interfaces\{D61E13FA-C188-4A35-A59A-E178DE70E486} : DHCPNameServer = 8.8.4.4 4.2.2.2

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} -

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

x64-RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-10-15 21104]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2011-6-16 87368]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]

R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]

R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-10-15 114688]

R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-8-28 92632]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-3-7 40832]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-3-7 65280]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-15 317440]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]

R3 LVUVC64;Logitech QuickCam E3500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-15 413800]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S1 epcpmzca;epcpmzca;C:\Windows\System32\drivers\epcpmzca.sys [2013-6-5 49872]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-10-15 30528]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

.

=============== Created Last 30 ================

.

2013-06-06 17:18:46 2250024 ----a-w- C:\Windows\SysWow64\pbsvc.exe

2013-06-05 23:25:53 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

2013-06-05 23:22:17 -------- dc-h--w- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}

2013-06-05 23:08:40 2628 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg

2013-06-05 22:02:38 49872 ----a-w- C:\Windows\System32\drivers\epcpmzca.sys

2013-06-05 18:50:14 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6C054FF2-31E3-4F43-A308-0128534D24B7}\mpengine.dll

2013-05-14 21:40:00 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-14 21:40:00 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-05-14 21:40:00 144384 ----a-w- C:\Windows\System32\cdd.dll

2013-05-14 21:39:53 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-05-14 21:39:52 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-05-14 21:39:52 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-05-14 21:39:52 111448 ----a-w- C:\Windows\System32\consent.exe

2013-05-14 21:39:46 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-05-14 21:39:46 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-05-14 21:39:45 3153920 ----a-w- C:\Windows\System32\win32k.sys

.

==================== Find3M ====================

.

2013-06-06 17:18:54 107832 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-06-05 22:08:41 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-05 22:08:41 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-05 18:46:15 25640 ----a-w- C:\Windows\gdrv.sys

2013-05-22 04:23:57 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-05-22 04:23:57 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-04-04 10:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-10 07:02:23 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-10 07:02:23 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 15:45:46.12 ===============

attach :

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 11/3/2011 12:33:46 AM

System Uptime: 6/6/2013 1:39:37 AM (14 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | Z68AP-D3

Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz | Socket 1155 | 3701/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 404.165 GiB free.

D: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP199: 5/21/2013 8:31:43 AM - Windows Update

RP200: 6/5/2013 1:49:59 PM - Windows Update

RP201: 6/5/2013 4:08:22 PM - Installed DirectX

RP203: 6/5/2013 5:02:32 PM - Windows Defender Checkpoint

RP204: 6/5/2013 6:08:28 PM - Configured EA Download Manager

RP205: 6/6/2013 12:14:03 PM - Installed Far Cry 2

RP206: 6/6/2013 12:19:19 PM - Installed DirectX

.

==== Installed Programs ======================

.

@BIOS

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.7)

Amazon Cloud Drive

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audiosurf

Battlefield 3™

Battlelog Web Plugins

Bonjour

Borderlands

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Combined Community Codec Pack 2011-11-11

Counter-Strike

Counter-Strike: Condition Zero

Counter-Strike: Condition Zero Deleted Scenes

Crysis WARHEAD®

Easy Tune 6 B11.0512.1

ESN Sonar

Etron USB3.0 Host Controller

Fallout: New Vegas

Far Cry 2

Google Chrome

Guild Wars 2

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Internet TV for Windows Media Center

iTunes

Java 7 Update 21

Java Auto Updater

Junk Mail filter update

League of Legends

Left 4 Dead 2

Logitech Vid HD

Logitech Webcam Software

Mass Effect™ 3

Medieval II Total War

Medieval II Total War : Kingdoms : Americas

Medieval II Total War : Kingdoms : Britannia

Medieval II Total War : Kingdoms : Crusades

Medieval II Total War : Kingdoms : Teutonic

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Flight

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft IntelliPoint 8.2

Microsoft IntelliType Pro 8.2

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mirror's Edge

MotoHelper 2.1.32 Driver 5.4.0

MotoHelper MergeModules

MOTOROLA MEDIA LINK

Motorola Mobile Drivers Installation 5.4.0

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Netflix in Windows Media Center

NVIDIA PhysX

ON_OFF Charge B11.0110.1

Origin

Pando Media Booster

PunkBuster Services

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

RealUpgrade 1.1

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Skype Click to Call

Skype™ 6.1

Smart 6 B11.0512.1

Steam

TomTom HOME

TomTom HOME Visual Studio Merge Modules

Total War: SHOGUN 2

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Center Add-in for Flash

.

==== Event Viewer Messages From Past Week ========

.

6/6/2013 3:04:40 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: Access is denied.

.

==== End Of File ===========================

D-FRED-BROWN · June 7, 2013

Hello 1hyme2 and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

TDSSKiller's logfile
MBAR mbar-log.txt and system-log.txt
ComboFix's report (C:\ComboFix.txt)
Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

1hyme2 · June 7, 2013

Thank you very much for the assistance! I have started following your instructions. When I ran TDSSKiller and rebooted, it cured something, but put out 3 logs. I am not certain which you need, sorry, 1 and 3 are fairly small, while 2nd is much much larger file size than them. I will post those three logs first, then continue to step 2 of your instructions.

log 1 : TDSSKiller.2.8.16.0_06.06.2013_23.52.15_log

23:52:15.0475 1796 TDSS rootkit removing tool 2.8.16.0 Mar 21 2013 15:53:02

23:52:37.0594 1796 Perform update action was selected

23:52:37.0596 6880 Deinitialize success

log 2 : TDSSKiller.2.8.16.0_06.06.2013_23.53.31_log

23:53:31.0426 5576 TDSS rootkit removing tool 2.8.16.0 Mar 21 2013 15:53:02

23:53:34.0765 5576 ============================================================

23:53:34.0765 5576 Current date / time: 2013/06/06 23:53:34.0765

23:53:34.0765 5576 SystemInfo:

23:53:34.0765 5576

23:53:34.0765 5576 OS Version: 6.1.7601 ServicePack: 1.0

23:53:34.0765 5576 Product type: Workstation

23:53:34.0765 5576 ComputerName: JAMES-PC

23:53:34.0765 5576 UserName: James

23:53:34.0765 5576 Windows directory: C:\Windows

23:53:34.0765 5576 System windows directory: C:\Windows

23:53:34.0765 5576 Running under WOW64

23:53:34.0765 5576 Processor architecture: Intel x64

23:53:34.0765 5576 Number of processors: 8

23:53:34.0765 5576 Page size: 0x1000

23:53:34.0765 5576 Boot type: Normal boot

23:53:34.0765 5576 ============================================================

23:53:35.0715 5576 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

23:53:35.0718 5576 ============================================================

23:53:35.0718 5576 \Device\Harddisk0\DR0:

23:53:35.0718 5576 MBR partitions:

23:53:35.0718 5576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

23:53:35.0718 5576 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800

23:53:35.0718 5576 ============================================================

23:53:35.0739 5576 C: <-> \Device\Harddisk0\DR0\Partition2

23:53:35.0739 5576 ============================================================

23:53:35.0739 5576 Initialize success

23:53:35.0739 5576 ============================================================

23:54:19.0875 5872 ============================================================

23:54:19.0875 5872 Scan started

23:54:19.0875 5872 Mode: Manual;

23:54:19.0875 5872 ============================================================

23:54:28.0506 5872 ================ Scan system memory ========================

23:54:28.0506 5872 System memory - ok

23:54:28.0506 5872 ================ Scan services =============================

23:54:28.0839 5872 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

23:54:28.0842 5872 1394ohci - ok

23:54:28.0860 5872 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

23:54:28.0863 5872 ACPI - ok

23:54:28.0886 5872 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

23:54:28.0887 5872 AcpiPmi - ok

23:54:28.0994 5872 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

23:54:28.0995 5872 AdobeARMservice - ok

23:54:29.0065 5872 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

23:54:29.0067 5872 AdobeFlashPlayerUpdateSvc - ok

23:54:29.0087 5872 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

23:54:29.0091 5872 adp94xx - ok

23:54:29.0095 5872 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

23:54:29.0098 5872 adpahci - ok

23:54:29.0102 5872 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

23:54:29.0104 5872 adpu320 - ok

23:54:29.0117 5872 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

23:54:29.0118 5872 AeLookupSvc - ok

23:54:29.0168 5872 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

23:54:29.0172 5872 AFD - ok

23:54:29.0186 5872 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

23:54:29.0187 5872 agp440 - ok

23:54:29.0201 5872 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

23:54:29.0202 5872 ALG - ok

23:54:29.0205 5872 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

23:54:29.0205 5872 aliide - ok

23:54:29.0227 5872 ALSysIO - ok

23:54:29.0269 5872 [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

23:54:29.0271 5872 AMD External Events Utility - ok

23:54:29.0274 5872 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

23:54:29.0274 5872 amdide - ok

23:54:29.0287 5872 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

23:54:29.0289 5872 AmdK8 - ok

23:54:29.0489 5872 [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

23:54:29.0651 5872 amdkmdag - ok

23:54:29.0679 5872 [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

23:54:29.0684 5872 amdkmdap - ok

23:54:29.0697 5872 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

23:54:29.0698 5872 AmdPPM - ok

23:54:29.0732 5872 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

23:54:29.0734 5872 amdsata - ok

23:54:29.0743 5872 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

23:54:29.0745 5872 amdsbs - ok

23:54:29.0756 5872 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

23:54:29.0757 5872 amdxata - ok

23:54:29.0801 5872 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

23:54:29.0802 5872 AppID - ok

23:54:29.0822 5872 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

23:54:29.0823 5872 AppIDSvc - ok

23:54:29.0861 5872 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll

23:54:29.0862 5872 Appinfo - ok

23:54:29.0918 5872 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

23:54:29.0920 5872 Apple Mobile Device - ok

23:54:29.0967 5872 [ 6BE11AD81D4527D299F0CB5F3731AABC ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys

23:54:29.0968 5872 AppleCharger - ok

23:54:29.0985 5872 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe

23:54:29.0986 5872 AppleChargerSrv - ok

23:54:29.0998 5872 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

23:54:29.0999 5872 arc - ok

23:54:30.0015 5872 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

23:54:30.0016 5872 arcsas - ok

23:54:30.0048 5872 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

23:54:30.0049 5872 AsyncMac - ok

23:54:30.0062 5872 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

23:54:30.0062 5872 atapi - ok

23:54:30.0075 5872 [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys

23:54:30.0076 5872 AtiHDAudioService - ok

23:54:30.0241 5872 [ 22A14DF59FB8D0BE918C597988AF4296 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys

23:54:30.0283 5872 atikmdag - ok

23:54:30.0300 5872 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

23:54:30.0305 5872 AudioEndpointBuilder - ok

23:54:30.0310 5872 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

23:54:30.0313 5872 AudioSrv - ok

23:54:30.0337 5872 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

23:54:30.0339 5872 AxInstSV - ok

23:54:30.0357 5872 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

23:54:30.0360 5872 b06bdrv - ok

23:54:30.0369 5872 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

23:54:30.0371 5872 b57nd60a - ok

23:54:30.0389 5872 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

23:54:30.0390 5872 BDESVC - ok

23:54:30.0394 5872 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

23:54:30.0395 5872 Beep - ok

23:54:30.0421 5872 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

23:54:30.0426 5872 BFE - ok

23:54:30.0463 5872 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

23:54:30.0472 5872 BITS - ok

23:54:30.0478 5872 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

23:54:30.0479 5872 blbdrive - ok

23:54:30.0560 5872 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

23:54:30.0564 5872 Bonjour Service - ok

23:54:30.0586 5872 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

23:54:30.0587 5872 bowser - ok

23:54:30.0590 5872 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

23:54:30.0591 5872 BrFiltLo - ok

23:54:30.0593 5872 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

23:54:30.0594 5872 BrFiltUp - ok

23:54:30.0625 5872 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

23:54:30.0626 5872 Browser - ok

23:54:30.0645 5872 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

23:54:30.0647 5872 Brserid - ok

23:54:30.0651 5872 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

23:54:30.0652 5872 BrSerWdm - ok

23:54:30.0654 5872 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

23:54:30.0655 5872 BrUsbMdm - ok

23:54:30.0658 5872 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

23:54:30.0659 5872 BrUsbSer - ok

23:54:30.0669 5872 BTCFilterService - ok

23:54:30.0673 5872 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

23:54:30.0674 5872 BTHMODEM - ok

23:54:30.0693 5872 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

23:54:30.0694 5872 bthserv - ok

23:54:30.0708 5872 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

23:54:30.0709 5872 cdfs - ok

23:54:30.0720 5872 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

23:54:30.0722 5872 cdrom - ok

23:54:30.0748 5872 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

23:54:30.0750 5872 CertPropSvc - ok

23:54:30.0752 5872 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

23:54:30.0752 5872 circlass - ok

23:54:30.0767 5872 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

23:54:30.0770 5872 CLFS - ok

23:54:30.0813 5872 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:54:30.0816 5872 clr_optimization_v2.0.50727_32 - ok

23:54:30.0846 5872 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

23:54:30.0847 5872 clr_optimization_v2.0.50727_64 - ok

23:54:30.0889 5872 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:54:30.0894 5872 clr_optimization_v4.0.30319_32 - ok

23:54:30.0914 5872 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

23:54:30.0916 5872 clr_optimization_v4.0.30319_64 - ok

23:54:30.0919 5872 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

23:54:30.0919 5872 CmBatt - ok

23:54:30.0929 5872 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

23:54:30.0930 5872 cmdide - ok

23:54:30.0963 5872 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

23:54:30.0967 5872 CNG - ok

23:54:30.0979 5872 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

23:54:30.0981 5872 Compbatt - ok

23:54:30.0990 5872 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

23:54:30.0991 5872 CompositeBus - ok

23:54:30.0993 5872 COMSysApp - ok

23:54:31.0006 5872 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

23:54:31.0007 5872 crcdisk - ok

23:54:31.0050 5872 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

23:54:31.0051 5872 CryptSvc - ok

23:54:31.0136 5872 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

23:54:31.0142 5872 cvhsvc - ok

23:54:31.0190 5872 [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys

23:54:31.0191 5872 dc3d - ok

23:54:31.0219 5872 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

23:54:31.0223 5872 DcomLaunch - ok

23:54:31.0242 5872 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

23:54:31.0244 5872 defragsvc - ok

23:54:31.0314 5872 [ 0259948FFE5F7E69CD1D8A8E74E0547C ] DeviceMonitorService C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe

23:54:31.0317 5872 DeviceMonitorService - ok

23:54:31.0327 5872 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

23:54:31.0328 5872 DfsC - ok

23:54:31.0349 5872 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

23:54:31.0351 5872 Dhcp - ok

23:54:31.0361 5872 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

23:54:31.0362 5872 discache - ok

23:54:31.0383 5872 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

23:54:31.0384 5872 Disk - ok

23:54:31.0407 5872 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

23:54:31.0409 5872 Dnscache - ok

23:54:31.0413 5872 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

23:54:31.0415 5872 dot3svc - ok

23:54:31.0429 5872 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

23:54:31.0431 5872 DPS - ok

23:54:31.0444 5872 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

23:54:31.0445 5872 drmkaud - ok

23:54:31.0489 5872 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

23:54:31.0496 5872 DXGKrnl - ok

23:54:31.0503 5872 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

23:54:31.0505 5872 EapHost - ok

23:54:31.0562 5872 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

23:54:31.0604 5872 ebdrv - ok

23:54:31.0634 5872 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

23:54:31.0636 5872 EFS - ok

23:54:31.0687 5872 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

23:54:31.0694 5872 ehRecvr - ok

23:54:31.0706 5872 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

23:54:31.0707 5872 ehSched - ok

23:54:31.0729 5872 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

23:54:31.0734 5872 elxstor - ok

23:54:31.0755 5872 [ 5E75CA03513BF7563F9A6AFCBDC47AC2 ] epcpmzca C:\Windows\system32\drivers\epcpmzca.sys

23:54:31.0757 5872 epcpmzca - ok

23:54:31.0759 5872 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

23:54:31.0760 5872 ErrDev - ok

23:54:31.0790 5872 [ 3663291D0D26001A2BB67678AB61D14C ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys

23:54:31.0791 5872 EtronHub3 - ok

23:54:31.0793 5872 [ 744420D6C062C38F7361870F010D6D4B ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys

23:54:31.0794 5872 EtronXHCI - ok

23:54:31.0820 5872 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

23:54:31.0824 5872 EventSystem - ok

23:54:31.0828 5872 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

23:54:31.0830 5872 exfat - ok

23:54:31.0846 5872 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

23:54:31.0848 5872 fastfat - ok

23:54:31.0868 5872 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

23:54:31.0873 5872 Fax - ok

23:54:31.0877 5872 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

23:54:31.0877 5872 fdc - ok

23:54:31.0893 5872 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

23:54:31.0905 5872 fdPHost - ok

23:54:31.0920 5872 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

23:54:31.0927 5872 FDResPub - ok

23:54:31.0938 5872 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

23:54:31.0940 5872 FileInfo - ok

23:54:31.0947 5872 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

23:54:31.0949 5872 Filetrace - ok

23:54:31.0952 5872 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

23:54:31.0953 5872 flpydisk - ok

23:54:31.0963 5872 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

23:54:31.0965 5872 FltMgr - ok

23:54:32.0006 5872 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll

23:54:32.0024 5872 FontCache - ok

23:54:32.0063 5872 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

23:54:32.0064 5872 FontCache3.0.0.0 - ok

23:54:32.0074 5872 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

23:54:32.0076 5872 FsDepends - ok

23:54:32.0108 5872 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

23:54:32.0110 5872 Fs_Rec - ok

23:54:32.0148 5872 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

23:54:32.0150 5872 fvevol - ok

23:54:32.0166 5872 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

23:54:32.0168 5872 gagp30kx - ok

23:54:32.0194 5872 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\Windows\gdrv.sys

23:54:32.0196 5872 gdrv - ok

23:54:32.0239 5872 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

23:54:32.0240 5872 GEARAspiWDM - ok

23:54:32.0259 5872 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

23:54:32.0265 5872 gpsvc - ok

23:54:32.0289 5872 [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64 C:\Windows\GVTDrv64.sys

23:54:32.0291 5872 GVTDrv64 - ok

23:54:32.0302 5872 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

23:54:32.0304 5872 hcw85cir - ok

23:54:32.0328 5872 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

23:54:32.0331 5872 HdAudAddService - ok

23:54:32.0351 5872 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

23:54:32.0354 5872 HDAudBus - ok

23:54:32.0356 5872 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

23:54:32.0357 5872 HidBatt - ok

23:54:32.0360 5872 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

23:54:32.0361 5872 HidBth - ok

23:54:32.0363 5872 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

23:54:32.0364 5872 HidIr - ok

23:54:32.0366 5872 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

23:54:32.0367 5872 hidserv - ok

23:54:32.0380 5872 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

23:54:32.0382 5872 HidUsb - ok

23:54:32.0392 5872 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

23:54:32.0394 5872 hkmsvc - ok

23:54:32.0402 5872 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

23:54:32.0404 5872 HomeGroupListener - ok

23:54:32.0422 5872 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

23:54:32.0424 5872 HomeGroupProvider - ok

23:54:32.0433 5872 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

23:54:32.0436 5872 HpSAMD - ok

23:54:32.0463 5872 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

23:54:32.0470 5872 HTTP - ok

23:54:32.0476 5872 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

23:54:32.0478 5872 hwpolicy - ok

23:54:32.0503 5872 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

23:54:32.0506 5872 i8042prt - ok

23:54:32.0543 5872 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

23:54:32.0547 5872 iaStorV - ok

23:54:32.0583 5872 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

23:54:32.0585 5872 IDriverT - ok

23:54:32.0625 5872 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

23:54:32.0632 5872 idsvc - ok

23:54:32.0825 5872 [ 174BCAC474DE13B2650E444CF124828E ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

23:54:32.0994 5872 igfx - ok

23:54:33.0017 5872 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

23:54:33.0018 5872 iirsp - ok

23:54:33.0044 5872 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

23:54:33.0052 5872 IKEEXT - ok

23:54:33.0125 5872 [ 2CC2F7C5990BB76767038F4B16D17A56 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

23:54:33.0168 5872 IntcAzAudAddService - ok

23:54:33.0207 5872 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

23:54:33.0210 5872 IntcDAud - ok

23:54:33.0213 5872 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

23:54:33.0214 5872 intelide - ok

23:54:33.0219 5872 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

23:54:33.0221 5872 intelppm - ok

23:54:33.0240 5872 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

23:54:33.0242 5872 IPBusEnum - ok

23:54:33.0252 5872 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:54:33.0254 5872 IpFilterDriver - ok

23:54:33.0297 5872 [ 08C2957BB30058E663720C5606885653 ] IpHlpSvc C:\Windows\System32\iphlpsvc.dll

23:54:33.0303 5872 IpHlpSvc - ok

23:54:33.0321 5872 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

23:54:33.0329 5872 IPMIDRV - ok

23:54:33.0333 5872 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

23:54:33.0334 5872 IPNAT - ok

23:54:33.0393 5872 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

23:54:33.0401 5872 iPod Service - ok

23:54:33.0407 5872 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

23:54:33.0409 5872 IRENUM - ok

23:54:33.0418 5872 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

23:54:33.0419 5872 isapnp - ok

23:54:33.0437 5872 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

23:54:33.0440 5872 iScsiPrt - ok

23:54:33.0458 5872 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

23:54:33.0460 5872 kbdclass - ok

23:54:33.0468 5872 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

23:54:33.0469 5872 kbdhid - ok

23:54:33.0474 5872 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

23:54:33.0474 5872 KeyIso - ok

23:54:33.0510 5872 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

23:54:33.0512 5872 KSecDD - ok

23:54:33.0526 5872 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

23:54:33.0528 5872 KSecPkg - ok

23:54:33.0538 5872 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

23:54:33.0539 5872 ksthunk - ok

23:54:33.0560 5872 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

23:54:33.0563 5872 KtmRm - ok

23:54:33.0586 5872 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

23:54:33.0589 5872 LanmanServer - ok

23:54:33.0600 5872 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

23:54:33.0603 5872 LanmanWorkstation - ok

23:54:33.0617 5872 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

23:54:33.0619 5872 lltdio - ok

23:54:33.0634 5872 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

23:54:33.0637 5872 lltdsvc - ok

23:54:33.0655 5872 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

23:54:33.0657 5872 lmhosts - ok

23:54:33.0678 5872 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

23:54:33.0680 5872 LSI_FC - ok

23:54:33.0696 5872 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

23:54:33.0698 5872 LSI_SAS - ok

23:54:33.0705 5872 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

23:54:33.0707 5872 LSI_SAS2 - ok

23:54:33.0717 5872 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

23:54:33.0719 5872 LSI_SCSI - ok

23:54:33.0729 5872 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

23:54:33.0731 5872 luafv - ok

23:54:33.0768 5872 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys

23:54:33.0770 5872 LVPr2M64 - ok

23:54:33.0782 5872 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys

23:54:33.0782 5872 LVPr2Mon - ok

23:54:34.0222 5872 [ A35679E56E78091E1042A2D7ADBF2958 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

23:54:34.0226 5872 LVPrcS64 - ok

23:54:34.0290 5872 [ 986C1CB787A007BAA5F74E7D316D7246 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys

23:54:34.0591 5872 LVRS64 - ok

23:54:34.0808 5872 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys

23:54:34.0891 5872 LVUVC64 - ok

23:54:34.0910 5872 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

23:54:34.0911 5872 Mcx2Svc - ok

23:54:34.0920 5872 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

23:54:34.0921 5872 megasas - ok

23:54:34.0939 5872 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

23:54:34.0941 5872 MegaSR - ok

23:54:34.0962 5872 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

23:54:34.0963 5872 MEIx64 - ok

23:54:34.0978 5872 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

23:54:34.0980 5872 MMCSS - ok

23:54:34.0991 5872 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

23:54:34.0992 5872 Modem - ok

23:54:35.0015 5872 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

23:54:35.0016 5872 monitor - ok

23:54:35.0025 5872 motccgp - ok

23:54:35.0028 5872 motccgpfl - ok

23:54:35.0030 5872 motmodem - ok

23:54:35.0090 5872 [ 9DFD34E6841C460B5D992A1C5327AE69 ] MotoHelper C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

23:54:35.0092 5872 MotoHelper - ok

23:54:35.0094 5872 MotoSwitchService - ok

23:54:35.0095 5872 Motousbnet - ok

23:54:35.0103 5872 motusbdevice - ok

23:54:35.0116 5872 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

23:54:35.0117 5872 mouclass - ok

23:54:35.0144 5872 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

23:54:35.0145 5872 mouhid - ok

23:54:35.0152 5872 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

23:54:35.0153 5872 mountmgr - ok

23:54:35.0171 5872 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

23:54:35.0173 5872 mpio - ok

23:54:35.0193 5872 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

23:54:35.0194 5872 mpsdrv - ok

23:54:35.0210 5872 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

23:54:35.0217 5872 MpsSvc - ok

23:54:35.0221 5872 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

23:54:35.0222 5872 MRxDAV - ok

23:54:35.0245 5872 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

23:54:35.0247 5872 mrxsmb - ok

23:54:35.0260 5872 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:54:35.0262 5872 mrxsmb10 - ok

23:54:35.0298 5872 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:54:35.0299 5872 mrxsmb20 - ok

23:54:35.0314 5872 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

23:54:35.0315 5872 msahci - ok

23:54:35.0318 5872 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

23:54:35.0320 5872 msdsm - ok

23:54:35.0338 5872 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

23:54:35.0340 5872 MSDTC - ok

23:54:35.0351 5872 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

23:54:35.0352 5872 Msfs - ok

23:54:35.0356 5872 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

23:54:35.0357 5872 mshidkmdf - ok

23:54:35.0369 5872 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

23:54:35.0370 5872 msisadrv - ok

23:54:35.0380 5872 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

23:54:35.0383 5872 MSiSCSI - ok

23:54:35.0384 5872 msiserver - ok

23:54:35.0399 5872 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

23:54:35.0400 5872 MSKSSRV - ok

23:54:35.0407 5872 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

23:54:35.0408 5872 MSPCLOCK - ok

23:54:35.0416 5872 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

23:54:35.0417 5872 MSPQM - ok

23:54:35.0431 5872 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

23:54:35.0434 5872 MsRPC - ok

23:54:35.0444 5872 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

23:54:35.0445 5872 mssmbios - ok

23:54:35.0455 5872 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

23:54:35.0456 5872 MSTEE - ok

23:54:35.0458 5872 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

23:54:35.0459 5872 MTConfig - ok

23:54:35.0469 5872 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

23:54:35.0470 5872 Mup - ok

23:54:35.0493 5872 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

23:54:35.0497 5872 napagent - ok

23:54:35.0514 5872 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

23:54:35.0517 5872 NativeWifiP - ok

23:54:35.0575 5872 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

23:54:35.0582 5872 NDIS - ok

23:54:35.0600 5872 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

23:54:35.0601 5872 NdisCap - ok

23:54:35.0612 5872 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

23:54:35.0613 5872 NdisTapi - ok

23:54:35.0622 5872 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

23:54:35.0624 5872 Ndisuio - ok

23:54:35.0639 5872 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

23:54:35.0641 5872 NdisWan - ok

23:54:35.0653 5872 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

23:54:35.0654 5872 NDProxy - ok

23:54:35.0664 5872 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

23:54:35.0666 5872 NetBIOS - ok

23:54:35.0680 5872 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

23:54:35.0683 5872 NetBT - ok

23:54:35.0688 5872 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

23:54:35.0689 5872 Netlogon - ok

23:54:35.0725 5872 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

23:54:35.0728 5872 Netman - ok

23:54:35.0743 5872 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

23:54:35.0747 5872 netprofm - ok

23:54:35.0761 5872 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

23:54:35.0762 5872 NetTcpPortSharing - ok

23:54:35.0782 5872 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

23:54:35.0784 5872 nfrd960 - ok

23:54:35.0820 5872 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

23:54:35.0824 5872 NlaSvc - ok

23:54:35.0833 5872 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

23:54:35.0834 5872 Npfs - ok

23:54:35.0850 5872 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

23:54:35.0852 5872 nsi - ok

23:54:35.0867 5872 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

23:54:35.0868 5872 nsiproxy - ok

23:54:35.0945 5872 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

23:54:35.0967 5872 Ntfs - ok

23:54:36.0009 5872 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys

23:54:36.0010 5872 NuidFltr - ok

23:54:36.0020 5872 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

23:54:36.0021 5872 Null - ok

23:54:36.0179 5872 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

23:54:36.0333 5872 nvlddmkm - ok

23:54:36.0359 5872 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

23:54:36.0361 5872 nvraid - ok

23:54:36.0392 5872 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

23:54:36.0394 5872 nvstor - ok

23:54:36.0396 5872 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

23:54:36.0397 5872 nv_agp - ok

23:54:36.0404 5872 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

23:54:36.0406 5872 ohci1394 - ok

23:54:36.0434 5872 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

23:54:36.0436 5872 ose - ok

23:54:36.0525 5872 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

23:54:36.0618 5872 osppsvc - ok

23:54:36.0675 5872 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

23:54:36.0678 5872 p2pimsvc - ok

23:54:36.0689 5872 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

23:54:36.0693 5872 p2psvc - ok

23:54:36.0712 5872 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

23:54:36.0713 5872 Parport - ok

23:54:36.0746 5872 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

23:54:36.0748 5872 partmgr - ok

23:54:36.0760 5872 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

23:54:36.0763 5872 PcaSvc - ok

23:54:36.0778 5872 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

23:54:36.0779 5872 pci - ok

23:54:36.0789 5872 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

23:54:36.0791 5872 pciide - ok

23:54:36.0802 5872 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

23:54:36.0804 5872 pcmcia - ok

23:54:36.0814 5872 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

23:54:36.0816 5872 pcw - ok

23:54:36.0833 5872 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

23:54:36.0838 5872 PEAUTH - ok

23:54:36.0888 5872 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

23:54:36.0892 5872 PerfHost - ok

23:54:36.0921 5872 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

23:54:36.0946 5872 pla - ok

23:54:36.0973 5872 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

23:54:36.0976 5872 PlugPlay - ok

23:54:36.0979 5872 PnkBstrA - ok

23:54:36.0982 5872 PnkBstrB - ok

23:54:36.0992 5872 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

23:54:36.0995 5872 PNRPAutoReg - ok

23:54:36.0999 5872 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

23:54:37.0002 5872 PNRPsvc - ok

23:54:37.0043 5872 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys

23:54:37.0045 5872 Point64 - ok

23:54:37.0077 5872 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

23:54:37.0082 5872 PolicyAgent - ok

23:54:37.0104 5872 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

23:54:37.0106 5872 Power - ok

23:54:37.0125 5872 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

23:54:37.0127 5872 PptpMiniport - ok

23:54:37.0138 5872 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

23:54:37.0140 5872 Processor - ok

23:54:37.0185 5872 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

23:54:37.0188 5872 ProfSvc - ok

23:54:37.0194 5872 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

23:54:37.0195 5872 ProtectedStorage - ok

23:54:37.0216 5872 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

23:54:37.0217 5872 Psched - ok

23:54:37.0260 5872 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

23:54:37.0285 5872 ql2300 - ok

23:54:37.0289 5872 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

23:54:37.0290 5872 ql40xx - ok

23:54:37.0307 5872 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

23:54:37.0310 5872 QWAVE - ok

23:54:37.0322 5872 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

23:54:37.0323 5872 QWAVEdrv - ok

23:54:37.0326 5872 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

23:54:37.0327 5872 RasAcd - ok

23:54:37.0353 5872 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

23:54:37.0355 5872 RasAgileVpn - ok

23:54:37.0362 5872 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

23:54:37.0365 5872 RasAuto - ok

23:54:37.0377 5872 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

23:54:37.0379 5872 Rasl2tp - ok

23:54:37.0387 5872 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

23:54:37.0390 5872 RasMan - ok

23:54:37.0396 5872 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

23:54:37.0398 5872 RasPppoe - ok

23:54:37.0419 5872 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

23:54:37.0421 5872 RasSstp - ok

23:54:37.0431 5872 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

23:54:37.0434 5872 rdbss - ok

23:54:37.0445 5872 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

23:54:37.0446 5872 rdpbus - ok

23:54:37.0462 5872 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

23:54:37.0464 5872 RDPCDD - ok

23:54:37.0471 5872 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

23:54:37.0473 5872 RDPENCDD - ok

23:54:37.0480 5872 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

23:54:37.0481 5872 RDPREFMP - ok

23:54:37.0518 5872 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

23:54:37.0520 5872 RDPWD - ok

23:54:37.0534 5872 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

23:54:37.0536 5872 rdyboost - ok

23:54:37.0606 5872 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

23:54:37.0608 5872 RealNetworks Downloader Resolver Service - ok

23:54:37.0629 5872 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

23:54:37.0632 5872 RemoteAccess - ok

23:54:37.0642 5872 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

23:54:37.0644 5872 RemoteRegistry - ok

23:54:37.0669 5872 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

23:54:37.0671 5872 RpcEptMapper - ok

23:54:37.0679 5872 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

23:54:37.0681 5872 RpcLocator - ok

23:54:37.0694 5872 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

23:54:37.0697 5872 RpcSs - ok

23:54:37.0711 5872 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

23:54:37.0712 5872 rspndr - ok

23:54:37.0742 5872 [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

23:54:37.0745 5872 RTL8167 - ok

23:54:37.0752 5872 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

23:54:37.0753 5872 SamSs - ok

23:54:37.0763 5872 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

23:54:37.0765 5872 sbp2port - ok

23:54:37.0783 5872 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

23:54:37.0785 5872 SCardSvr - ok

23:54:37.0797 5872 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

23:54:37.0798 5872 scfilter - ok

23:54:37.0821 5872 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

23:54:37.0838 5872 Schedule - ok

23:54:37.0857 5872 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

23:54:37.0858 5872 SCPolicySvc - ok

23:54:37.0871 5872 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

23:54:37.0874 5872 SDRSVC - ok

23:54:37.0881 5872 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

23:54:37.0882 5872 secdrv - ok

23:54:37.0891 5872 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

23:54:37.0902 5872 seclogon - ok

23:54:37.0911 5872 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

23:54:37.0913 5872 SENS - ok

23:54:37.0921 5872 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

23:54:37.0923 5872 SensrSvc - ok

23:54:37.0928 5872 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

23:54:37.0929 5872 Serenum - ok

23:54:37.0951 5872 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

23:54:37.0953 5872 Serial - ok

23:54:37.0974 5872 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

23:54:37.0975 5872 sermouse - ok

23:54:37.0993 5872 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

23:54:37.0995 5872 SessionEnv - ok

23:54:37.0997 5872 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

23:54:37.0998 5872 sffdisk - ok

23:54:38.0000 5872 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

23:54:38.0000 5872 sffp_mmc - ok

23:54:38.0002 5872 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

23:54:38.0003 5872 sffp_sd - ok

23:54:38.0005 5872 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

23:54:38.0005 5872 sfloppy - ok

23:54:38.0046 5872 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys

23:54:38.0052 5872 Sftfs - ok

23:54:38.0104 5872 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

23:54:38.0108 5872 sftlist - ok

23:54:38.0126 5872 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys

23:54:38.0128 5872 Sftplay - ok

23:54:38.0140 5872 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys

23:54:38.0142 5872 Sftredir - ok

23:54:38.0154 5872 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys

23:54:38.0155 5872 Sftvol - ok

23:54:38.0167 5872 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

23:54:38.0170 5872 sftvsa - ok

23:54:38.0196 5872 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

23:54:38.0199 5872 SharedAccess - ok

23:54:38.0208 5872 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

23:54:38.0211 5872 ShellHWDetection - ok

23:54:38.0214 5872 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

23:54:38.0214 5872 SiSRaid2 - ok

23:54:38.0231 5872 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

23:54:38.0232 5872 SiSRaid4 - ok

23:54:38.0394 5872 [ EB17DF573B4423DF0B3B2EE3B268A6DE ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

23:54:38.0445 5872 Skype C2C Service - ok

23:54:38.0490 5872 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

23:54:38.0492 5872 SkypeUpdate - ok

23:54:38.0544 5872 [ 101556F6216E97F1258D87C38203695F ] Smart TimeLock C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

23:54:38.0546 5872 Smart TimeLock - ok

23:54:38.0554 5872 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

23:54:38.0555 5872 Smb - ok

23:54:38.0570 5872 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

23:54:38.0572 5872 SNMPTRAP - ok

23:54:38.0579 5872 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

23:54:38.0581 5872 spldr - ok

23:54:38.0628 5872 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

23:54:38.0632 5872 Spooler - ok

23:54:38.0685 5872 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

23:54:38.0732 5872 sppsvc - ok

23:54:38.0755 5872 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

23:54:38.0757 5872 sppuinotify - ok

23:54:38.0778 5872 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

23:54:38.0781 5872 srv - ok

23:54:38.0796 5872 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

23:54:38.0799 5872 srv2 - ok

23:54:38.0812 5872 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

23:54:38.0814 5872 srvnet - ok

23:54:38.0834 5872 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

23:54:38.0836 5872 SSDPSRV - ok

23:54:38.0848 5872 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

23:54:38.0850 5872 SstpSvc - ok

23:54:38.0878 5872 Steam Client Service - ok

23:54:38.0896 5872 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

23:54:38.0901 5872 stexstor - ok

23:54:38.0924 5872 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

23:54:38.0929 5872 stisvc - ok

23:54:38.0938 5872 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

23:54:38.0939 5872 swenum - ok

23:54:38.0955 5872 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

23:54:38.0960 5872 swprv - ok

23:54:38.0990 5872 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

23:54:39.0018 5872 SysMain - ok

23:54:39.0034 5872 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

23:54:39.0037 5872 TabletInputService - ok

23:54:39.0046 5872 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

23:54:39.0049 5872 TapiSrv - ok

23:54:39.0058 5872 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

23:54:39.0060 5872 TBS - ok

23:54:39.0123 5872 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

23:54:39.0156 5872 Tcpip - ok

23:54:39.0198 5872 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

23:54:39.0206 5872 TCPIP6 - ok

23:54:39.0242 5872 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

23:54:39.0244 5872 tcpipreg - ok

23:54:39.0258 5872 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

23:54:39.0260 5872 TDPIPE - ok

23:54:39.0289 5872 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

23:54:39.0291 5872 TDTCP - ok

23:54:39.0307 5872 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

23:54:39.0309 5872 tdx - ok

23:54:39.0322 5872 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

23:54:39.0325 5872 TermDD - ok

23:54:39.0344 5872 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

23:54:39.0350 5872 TermService - ok

23:54:39.0356 5872 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

23:54:39.0358 5872 Themes - ok

23:54:39.0373 5872 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

23:54:39.0374 5872 THREADORDER - ok

23:54:39.0443 5872 [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

23:54:39.0445 5872 TomTomHOMEService - ok

23:54:39.0453 5872 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

23:54:39.0457 5872 TrkWks - ok

23:54:39.0492 5872 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

23:54:39.0495 5872 TrustedInstaller - ok

23:54:39.0503 5872 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

23:54:39.0504 5872 tssecsrv - ok

23:54:39.0514 5872 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

23:54:39.0515 5872 TsUsbFlt - ok

23:54:39.0517 5872 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

23:54:39.0518 5872 TsUsbGD - ok

23:54:39.0540 5872 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

23:54:39.0542 5872 tunnel - ok

23:54:39.0550 5872 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

23:54:39.0552 5872 uagp35 - ok

23:54:39.0567 5872 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

23:54:39.0570 5872 udfs - ok

23:54:39.0584 5872 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

23:54:39.0586 5872 UI0Detect - ok

23:54:39.0599 5872 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

23:54:39.0601 5872 uliagpkx - ok

23:54:39.0610 5872 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

23:54:39.0612 5872 umbus - ok

23:54:39.0625 5872 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

23:54:39.0627 5872 UmPass - ok

23:54:39.0645 5872 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

23:54:39.0649 5872 upnphost - ok

23:54:39.0694 5872 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

23:54:39.0696 5872 USBAAPL64 - ok

23:54:39.0729 5872 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

23:54:40.0088 5872 usbaudio - ok

23:54:40.0136 5872 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

23:54:40.0138 5872 usbccgp - ok

23:54:40.0153 5872 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

23:54:40.0155 5872 usbcir - ok

23:54:40.0172 5872 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

23:54:40.0173 5872 usbehci - ok

23:54:40.0189 5872 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

23:54:40.0192 5872 usbhub - ok

23:54:40.0208 5872 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

23:54:40.0209 5872 usbohci - ok

23:54:40.0231 5872 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

23:54:40.0232 5872 usbprint - ok

23:54:40.0241 5872 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:54:40.0242 5872 USBSTOR - ok

23:54:40.0248 5872 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

23:54:40.0249 5872 usbuhci - ok

23:54:40.0256 5872 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

23:54:40.0258 5872 UxSms - ok

23:54:40.0266 5872 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

23:54:40.0267 5872 VaultSvc - ok

23:54:40.0286 5872 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

23:54:40.0287 5872 vdrvroot - ok

23:54:40.0299 5872 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

23:54:40.0304 5872 vds - ok

23:54:40.0324 5872 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

23:54:40.0325 5872 vga - ok

23:54:40.0333 5872 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

23:54:40.0334 5872 VgaSave - ok

23:54:40.0346 5872 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

23:54:40.0348 5872 vhdmp - ok

23:54:40.0351 5872 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

23:54:40.0351 5872 viaide - ok

23:54:40.0365 5872 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

23:54:40.0366 5872 volmgr - ok

23:54:40.0378 5872 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

23:54:40.0381 5872 volmgrx - ok

23:54:40.0396 5872 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

23:54:40.0399 5872 volsnap - ok

23:54:40.0415 5872 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

23:54:40.0416 5872 vsmraid - ok

23:54:40.0451 5872 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

23:54:40.0476 5872 VSS - ok

23:54:40.0490 5872 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

23:54:40.0491 5872 vwifibus - ok

23:54:40.0504 5872 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

23:54:40.0508 5872 W32Time - ok

23:54:40.0511 5872 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

23:54:40.0512 5872 WacomPen - ok

23:54:40.0519 5872 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

23:54:40.0520 5872 WANARP - ok

23:54:40.0522 5872 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

23:54:40.0523 5872 Wanarpv6 - ok

23:54:40.0573 5872 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

23:54:40.0590 5872 WatAdminSvc - ok

23:54:40.0624 5872 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

23:54:40.0648 5872 wbengine - ok

23:54:40.0676 5872 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

23:54:40.0679 5872 WbioSrvc - ok

23:54:40.0690 5872 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

23:54:40.0693 5872 wcncsvc - ok

23:54:40.0701 5872 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

23:54:40.0703 5872 WcsPlugInService - ok

23:54:40.0705 5872 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

23:54:40.0706 5872 Wd - ok

23:54:40.0751 5872 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

23:54:40.0757 5872 Wdf01000 - ok

23:54:40.0764 5872 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

23:54:40.0766 5872 WdiServiceHost - ok

23:54:40.0768 5872 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

23:54:40.0769 5872 WdiSystemHost - ok

23:54:40.0779 5872 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

23:54:40.0782 5872 WebClient - ok

23:54:40.0794 5872 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

23:54:40.0797 5872 Wecsvc - ok

23:54:40.0805 5872 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

23:54:40.0807 5872 wercplsupport - ok

23:54:40.0818 5872 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

23:54:40.0820 5872 WerSvc - ok

23:54:40.0830 5872 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

23:54:40.0831 5872 WfpLwf - ok

23:54:40.0841 5872 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

23:54:40.0842 5872 WIMMount - ok

23:54:40.0849 5872 WinDefend - ok

23:54:40.0859 5872 WinHttpAutoProxySvc - ok

23:54:40.0894 5872 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

23:54:40.0895 5872 Winmgmt - ok

23:54:40.0953 5872 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

23:54:40.0986 5872 WinRM - ok

23:54:41.0018 5872 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

23:54:41.0019 5872 WinUsb - ok

23:54:41.0042 5872 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

23:54:41.0049 5872 Wlansvc - ok

23:54:41.0166 5872 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

23:54:41.0201 5872 wlidsvc - ok

23:54:41.0204 5872 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

23:54:41.0205 5872 WmiAcpi - ok

23:54:41.0220 5872 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

23:54:41.0222 5872 wmiApSrv - ok

23:54:41.0235 5872 WMPNetworkSvc - ok

23:54:41.0247 5872 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

23:54:41.0248 5872 WPCSvc - ok

23:54:41.0258 5872 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

23:54:41.0260 5872 WPDBusEnum - ok

23:54:41.0263 5872 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

23:54:41.0264 5872 ws2ifsl - ok

23:54:41.0272 5872 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

23:54:41.0274 5872 wscsvc - ok

23:54:41.0277 5872 WSearch - ok

23:54:41.0339 5872 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

23:54:41.0372 5872 wuauserv - ok

23:54:41.0379 5872 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

23:54:41.0382 5872 WudfPf - ok

23:54:41.0410 5872 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

23:54:41.0412 5872 WUDFRd - ok

23:54:41.0445 5872 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

23:54:41.0447 5872 wudfsvc - ok

23:54:41.0481 5872 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll

23:54:41.0484 5872 WwanSvc - ok

23:54:41.0511 5872 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys

23:54:41.0514 5872 yukonw7 - ok

23:54:41.0515 5872 ================ Scan global ===============================

23:54:41.0540 5872 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

23:54:41.0576 5872 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

23:54:41.0582 5872 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

23:54:41.0597 5872 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

23:54:41.0628 5872 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe

23:54:41.0632 5872 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected

23:54:41.0632 5872 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)

23:54:41.0632 5872 ================ Scan MBR ==================================

23:54:41.0644 5872 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

23:54:41.0773 5872 \Device\Harddisk0\DR0 - ok

23:54:41.0774 5872 ================ Scan VBR ==================================

23:54:41.0784 5872 [ B72C49DC20D6E8E463FCF0D5166C6C36 ] \Device\Harddisk0\DR0\Partition1

23:54:41.0786 5872 \Device\Harddisk0\DR0\Partition1 - ok

23:54:41.0787 5872 [ 6445311ADF5976789793DB18915521CC ] \Device\Harddisk0\DR0\Partition2

23:54:41.0789 5872 \Device\Harddisk0\DR0\Partition2 - ok

23:54:41.0789 5872 ============================================================

23:54:41.0789 5872 Scan finished

23:54:41.0789 5872 ============================================================

23:54:41.0794 3304 Detected object count: 1

23:54:41.0794 3304 Actual detected object count: 1

23:55:14.0278 3304 C:\Windows\system32\services.exe - copied to quarantine

23:55:14.0552 3304 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine

23:55:14.0562 3304 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine

23:55:14.0663 3304 C:\Windows\installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\@ - copied to quarantine

23:55:14.0674 3304 C:\Windows\installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\L\00000004.@ - copied to quarantine

23:55:14.0675 3304 C:\Windows\installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\L\201d3dde - copied to quarantine

23:55:14.0676 3304 C:\Windows\installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\L\6715e287 - copied to quarantine

23:55:14.0676 3304 C:\Windows\installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\U\00000004.@ - copied to quarantine

23:55:14.0677 3304 C:\Windows\installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\U\00000008.@ - copied to quarantine

23:55:14.0678 3304 C:\Windows\installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\U\000000cb.@ - copied to quarantine

23:55:14.0678 3304 C:\Windows\installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\U\80000000.@ - copied to quarantine

23:55:14.0679 3304 C:\Windows\installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\U\80000032.@ - copied to quarantine

23:55:14.0680 3304 C:\Windows\installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\U\80000064.@ - copied to quarantine

23:55:40.0462 3304 Backup copy not found, trying to cure infected file..

23:55:40.0462 3304 Cure success, using it..

23:55:40.0498 3304 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot

23:55:40.0498 3304 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot

23:55:40.0502 3304 C:\Windows\installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\@ - will be deleted on reboot

23:55:40.0503 3304 C:\Windows\installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\U\00000004.@ - will be deleted on reboot

23:55:40.0503 3304 C:\Windows\installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\U\00000008.@ - will be deleted on reboot

23:55:40.0503 3304 C:\Windows\installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\U\000000cb.@ - will be deleted on reboot

23:55:40.0503 3304 C:\Windows\installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\U\80000000.@ - will be deleted on reboot

23:55:40.0503 3304 C:\Windows\installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\U\80000032.@ - will be deleted on reboot

23:55:40.0504 3304 C:\Windows\installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\U\80000064.@ - will be deleted on reboot

23:55:40.0505 3304 C:\Windows\system32\services.exe - will be cured on reboot

23:55:40.0505 3304 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure

23:56:08.0903 5708 Deinitialize success

log 3 : TDSSKiller.2.8.16.0_06.06.2013_23.59.33_log

23:59:33.0136 3316 TDSS rootkit removing tool 2.8.16.0 Mar 21 2013 15:53:02

00:00:23.0233 3316 ============================================================

00:00:23.0233 3316 Current date / time: 2013/06/07 00:00:23.0233

00:00:23.0233 3316 SystemInfo:

00:00:23.0233 3316

00:00:23.0233 3316 OS Version: 6.1.7601 ServicePack: 1.0

00:00:23.0233 3316 Product type: Workstation

00:00:23.0233 3316 ComputerName: JAMES-PC

00:00:23.0233 3316 UserName: James

00:00:23.0233 3316 Windows directory: C:\Windows

00:00:23.0233 3316 System windows directory: C:\Windows

00:00:23.0233 3316 Running under WOW64

00:00:23.0233 3316 Processor architecture: Intel x64

00:00:23.0233 3316 Number of processors: 8

00:00:23.0233 3316 Page size: 0x1000

00:00:23.0233 3316 Boot type: Normal boot

00:00:23.0233 3316 ============================================================

00:00:25.0136 3316 BG loaded

00:00:25.0479 3316 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

00:00:25.0479 3316 ============================================================

00:00:25.0479 3316 \Device\Harddisk0\DR0:

00:00:25.0495 3316 MBR partitions:

00:00:25.0495 3316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

00:00:25.0495 3316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800

00:00:25.0495 3316 ============================================================

00:00:25.0542 3316 C: <-> \Device\Harddisk0\DR0\Partition2

00:00:25.0542 3316 ============================================================

00:00:25.0542 3316 Initialize success

00:00:25.0542 3316 ============================================================

D-FRED-BROWN · June 7, 2013

Sure, go ahead and post all of them

1hyme2 · June 7, 2013

I am running into problems with step 2. I am extracting the files out of the zipped folder, it creates a new folder where they all *should* extract to, but that folder is empty and they are all still in the zipped file. I am stumped as to why. I will stop here until further instructed, hopefully avoiding any further mistakes on my part

D-FRED-BROWN · June 7, 2013

Try downloading it again, it may have been corrupted.

if it doesn't work again, just move on to the next step

1hyme2 · June 7, 2013

Had to skip that step, moved on to ComboFix. I had to reboot my computer again when I received error message. I feel immensely better about my situation with these easy to follow steps On to step 4, and here is that log :

ComboFix 13-06-06.04 - James 06/07/2013 0:38.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8109.6280 [GMT -5:00]

Running from: c:\users\James\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\ntuser.dat

c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete

c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete

.

Infected copy of c:\windows\system32\Services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

.

((((((((((((((((((((((((( Files Created from 2013-05-07 to 2013-06-07 )))))))))))))))))))))))))))))))

.

2013-06-07 05:47 . 2013-06-07 05:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-07 05:15 . 2013-06-07 05:16 -------- d-----w- c:\users\James\mbar

2013-06-07 05:12 . 2013-06-07 05:12 -------- d-----w- c:\users\James\New folder

2013-06-07 04:55 . 2013-06-07 04:55 -------- d-----w- C:\TDSSKiller_Quarantine

2013-06-06 17:18 . 2013-06-06 17:18 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe

2013-06-06 17:14 . 2013-06-06 17:14 -------- d-----w- c:\program files (x86)\Ubisoft

2013-06-06 01:27 . 2013-06-06 01:27 -------- d--h--r- c:\users\James\AppData\Roaming\SecuROM

2013-06-05 23:25 . 2013-06-05 23:25 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll

2013-06-05 23:22 . 2013-06-05 23:22 -------- dc-h--w- c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}

2013-06-05 23:08 . 2013-06-05 23:08 2628 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg

2013-06-05 18:50 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C054FF2-31E3-4F43-A308-0128534D24B7}\mpengine.dll

2013-05-14 21:40 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-14 21:40 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-14 21:40 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll

2013-05-14 21:39 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll

2013-05-14 21:39 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll

2013-05-14 21:39 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll

2013-05-14 21:39 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe

2013-05-14 21:39 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll

2013-05-14 21:39 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-05-14 21:39 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-05-14 21:39 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll

2013-05-14 21:39 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-07 05:52 . 2011-10-15 18:39 25640 ----a-w- c:\windows\gdrv.sys

2013-06-06 17:18 . 2011-11-06 07:15 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-06-05 22:08 . 2012-05-10 13:41 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-06-05 22:08 . 2012-03-21 03:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-22 04:23 . 2011-11-06 07:19 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-05-22 04:23 . 2011-11-06 07:15 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-05-15 08:03 . 2011-11-05 07:37 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-02 07:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-13 05:49 . 2013-05-14 21:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-14 21:39 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-14 21:39 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-14 21:39 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-14 21:39 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-14 21:39 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-23 22:53 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-04 10:35 . 2013-04-19 15:15 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-22 08:01 . 2013-03-22 08:01 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-03-22 08:01 . 2013-03-22 08:01 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-03-22 08:01 . 2013-03-22 08:01 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-03-22 08:01 . 2013-03-22 08:01 81408 ----a-w- c:\windows\system32\icardie.dll

2013-03-22 08:01 . 2013-03-22 08:01 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-03-22 08:01 . 2013-03-22 08:01 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-03-22 08:01 . 2013-03-22 08:01 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-03-22 08:01 . 2013-03-22 08:01 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-03-22 08:01 . 2013-03-22 08:01 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-03-22 08:01 . 2013-03-22 08:01 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-03-22 08:01 . 2013-03-22 08:01 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-03-22 08:01 . 2013-03-22 08:01 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-03-22 08:01 . 2013-03-22 08:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-03-22 08:01 . 2013-03-22 08:01 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-03-22 08:01 . 2013-03-22 08:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-03-22 08:01 . 2013-03-22 08:01 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-03-22 08:01 . 2013-03-22 08:01 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-03-22 08:01 . 2013-03-22 08:01 441856 ----a-w- c:\windows\system32\html.iec

2013-03-22 08:01 . 2013-03-22 08:01 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-03-22 08:01 . 2013-03-22 08:01 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-03-22 08:01 . 2013-03-22 08:01 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-03-22 08:01 . 2013-03-22 08:01 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-03-22 08:01 . 2013-03-22 08:01 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-03-22 08:01 . 2013-03-22 08:01 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-03-22 08:01 . 2013-03-22 08:01 235008 ----a-w- c:\windows\system32\url.dll

2013-03-22 08:01 . 2013-03-22 08:01 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-03-22 08:01 . 2013-03-22 08:01 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-03-22 08:01 . 2013-03-22 08:01 216064 ----a-w- c:\windows\system32\msls31.dll

2013-03-22 08:01 . 2013-03-22 08:01 197120 ----a-w- c:\windows\system32\msrating.dll

2013-03-22 08:01 . 2013-03-22 08:01 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-03-22 08:01 . 2013-03-22 08:01 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-03-22 08:01 . 2013-03-22 08:01 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-03-22 08:01 . 2013-03-22 08:01 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-03-22 08:01 . 2013-03-22 08:01 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-03-22 08:01 . 2013-03-22 08:01 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-03-22 08:01 . 2013-03-22 08:01 149504 ----a-w- c:\windows\system32\occache.dll

2013-03-22 08:01 . 2013-03-22 08:01 144896 ----a-w- c:\windows\system32\wextract.exe

2013-03-22 08:01 . 2013-03-22 08:01 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-03-22 08:01 . 2013-03-22 08:01 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-03-22 08:01 . 2013-03-22 08:01 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-03-22 08:01 . 2013-03-22 08:01 13824 ----a-w- c:\windows\system32\mshta.exe

2013-03-22 08:01 . 2013-03-22 08:01 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-03-22 08:01 . 2013-03-22 08:01 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-03-22 08:01 . 2013-03-22 08:01 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-03-22 08:01 . 2013-03-22 08:01 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-03-22 08:01 . 2013-03-22 08:01 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-03-22 08:01 . 2013-03-22 08:01 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-03-22 08:01 . 2013-03-22 08:01 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-03-22 08:01 . 2013-03-22 08:01 102912 ----a-w- c:\windows\system32\inseng.dll

2013-03-19 06:04 . 2013-04-11 00:56 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-11 00:56 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-11 00:56 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-11 00:56 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-11 00:56 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-11 00:56 112640 ----a-w- c:\windows\system32\smss.exe

2013-03-10 07:02 . 2012-09-10 01:56 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-10 07:02 . 2012-09-10 01:56 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-11-03 3077528]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-06-06 1641896]

"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]

"Amazon Cloud Drive"="c:\users\James\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe" [2012-11-12 646528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-12-21 295072]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R1 epcpmzca;epcpmzca;c:\windows\system32\drivers\epcpmzca.sys;c:\windows\SYSNATIVE\drivers\epcpmzca.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 ALSysIO;ALSysIO;c:\users\user\AppData\Local\Temp\ALSysIO64.sys;c:\users\user\AppData\Local\Temp\ALSysIO64.sys [x]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 22:08]

.

2013-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1378216186-232563498-1211227599-1001Core.job

- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 05:37]

.

2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1378216186-232563498-1211227599-1001UA.job

- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 05:37]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]

2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752]

.

[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]

[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 416024]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2011-03-30 2552320]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;192.168.*.*

TCP: DhcpNameServer = 8.8.4.4 4.2.2.2

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-47653498.sys

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1378216186-232563498-1211227599-1001\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:c5,06,c9,83,34,de,6a,14,50,e5,04,cc,dc,b8,28,9c,3d,0e,9f,53,e2,

37,c0,a4,72,fe,18,b9,38,df,2d,98,14,d3,a9,0c,ce,af,ff,9c,71,dc,26,d6,75,fc,\

"rkeysecu"=hex:03,37,95,fb,f9,5a,58,6e,a8,75,d1,eb,be,cc,3f,80

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\SysWOW64\PnkBstrB.exe

c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

.

**************************************************************************

.

Completion time: 2013-06-07 00:56:20 - machine was rebooted

ComboFix-quarantined-files.txt 2013-06-07 05:56

.

Pre-Run: 431,446,716,416 bytes free

Post-Run: 433,565,065,216 bytes free

.

- - End Of File - - 7A6145F1061EA8E2A9AA46896BC47493

1hyme2 · June 7, 2013

Here is the final step's log :

Results of screen317's Security Check version 0.99.64

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 10

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Windows Firewall Disabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Java 7 Update 21

Adobe Flash Player 11.7.700.202

Adobe Reader 10.1.7 Adobe Reader out of Date!

Google Chrome 27.0.1453.110

Google Chrome 27.0.1453.94

Google Chrome plugins...

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

Test Run!!!

1hyme2 · June 7, 2013

Everything appears to work now, but I have no idea if anything in those logs says I still have a problem lurking. This forum, and my helper in particular, of course, have been amazing!

D-FRED-BROWN · June 7, 2013

Looks a whole lot better. I'd like to run a few more scans to verify we haven't missed anything.

Edit: It's past 1AM here, so I'll call it a night. I'll check back here in the morning

----------Step 1----------------

We removed a pretty good chunk of the malware on your system, and chances are that some of it was blocking your download of Malwarebytes Anti-Rootkit.

Try to download a new copy of Malwarebytes Anti-Rootkit again and extract it just like before. If you still run into trouble with it, just move on to the next step .

----------Step 2----------------

We need to create a New FULL OTL Report

Please download OTL from here if you have not done so already:
- Main Mirror
[*]Save it to your desktop.
[*]Double click on the OTL icon on your desktop.
[*]Click the "Scan All Users" checkbox.
[*]Change the "Extra Registry" option to "SafeList"
[*]Push the Run Scan button.
[*]Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

----------Step 3----------------

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
[*]Check
[*]Click the button.
[*]Accept any security warnings from your browser.
[*]Check
[*]Push the Start button.
[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
[*]When the scan completes, push
[*]Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
[*]Push the button.
[*]Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

----------Step 4----------------

Please post the MBAR log (if you were able to run it), the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.

1hyme2 · June 7, 2013

MBAR still wont extract properly, so skipping again it seems.

OTL.txt :

OTL logfile created on: 6/7/2013 1:39:35 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\James\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16576)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.92 Gb Total Physical Memory | 5.90 Gb Available Physical Memory | 74.48% Memory free

15.84 Gb Paging File | 13.40 Gb Available in Paging File | 84.61% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 403.80 Gb Free Space | 43.35% Space Free | Partition Type: NTFS

Drive D: | 3.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/07 01:38:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe

PRC - [2013/06/06 17:06:24 | 001,641,896 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2013/06/06 17:06:24 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2013/06/06 12:18:54 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe

PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/12/21 09:02:32 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

PRC - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2012/08/28 07:41:06 | 000,247,768 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

PRC - [2012/02/20 01:51:36 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

PRC - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/06/16 22:40:58 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe

PRC - [2010/04/22 17:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe

PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe

PRC - [2009/10/13 18:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe

PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

========== Modules (No Company Name) ==========

MOD - [2013/06/06 17:06:24 | 001,114,536 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2013/05/29 00:27:38 | 000,393,168 | ---- | M] () -- C:\Users\James\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll

MOD - [2013/05/29 00:27:35 | 004,051,408 | ---- | M] () -- C:\Users\James\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll

MOD - [2013/05/29 00:26:40 | 000,599,504 | ---- | M] () -- C:\Users\James\AppData\Local\Google\Chrome\Application\27.0.1453.110\libglesv2.dll

MOD - [2013/05/29 00:26:39 | 000,124,368 | ---- | M] () -- C:\Users\James\AppData\Local\Google\Chrome\Application\27.0.1453.110\libegl.dll

MOD - [2013/05/29 00:26:36 | 001,597,392 | ---- | M] () -- C:\Users\James\AppData\Local\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll

MOD - [2013/05/06 20:05:20 | 000,654,848 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll

MOD - [2013/03/26 19:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/12/11 12:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2012/12/11 12:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012/12/11 12:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2012/09/11 02:13:04 | 003,039,056 | -HS- | M] () -- \\?\C:\ProgramData\Microsoft\PlayReady\Cache\S-1-5-21-1378216186-232563498-1211227599-1001\MSPRindiv01.key

MOD - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012/12/19 14:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/04/06 18:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)

SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/06/06 17:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/06/06 12:18:54 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)

SRV - [2013/06/05 17:08:41 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2012/02/20 01:51:36 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)

SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/06/16 22:40:58 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)

SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/10/13 18:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/19 15:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2012/12/19 15:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/12/19 14:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/11/06 06:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)

DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2011/04/09 22:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/07 04:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)

DRV:64bit: - [2011/03/07 04:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)

DRV:64bit: - [2011/01/13 06:58:00 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/01/10 20:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)

DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/09/21 11:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)

DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)

DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2013/06/07 00:59:20 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - [2011/11/03 16:26:42 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}

IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}

IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1378216186-232563498-1211227599-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKU\S-1-5-21-1378216186-232563498-1211227599-1001\..\SearchScopes,DefaultScope = {1D18A755-B33B-4cca-BD5F-6B9D80FDA31F}

IE - HKU\S-1-5-21-1378216186-232563498-1211227599-1001\..\SearchScopes\{1D18A755-B33B-4cca-BD5F-6B9D80FDA31F}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}'>http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}

IE - HKU\S-1-5-21-1378216186-232563498-1211227599-1001\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}'>http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}

IE - HKU\S-1-5-21-1378216186-232563498-1211227599-1001\..\SearchScopes\{52BA1A21-BA60-407B-9B57-9135FA9563AD}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=FE04F99C-7F47-4EAB-A7FE-24026CEFD9C1&apn_sauid=F536AC4B-7AB5-49F1-A7AD-8D85C21EA7E5

IE - HKU\S-1-5-21-1378216186-232563498-1211227599-1001\..\SearchScopes\{C047B031-4B7B-458f-838C-6FD6D828B9F8}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV

IE - HKU\S-1-5-21-1378216186-232563498-1211227599-1001\..\SearchScopes\{D755A9D3-5DDA-47ac-9906-211502A2C585}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH

IE - HKU\S-1-5-21-1378216186-232563498-1211227599-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1378216186-232563498-1211227599-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\James\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\James\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/21 09:03:10 | 000,000,000 | ---D | M]

[2012/10/05 20:24:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions

[2012/10/05 20:24:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Google Update (Enabled) = C:\Users\James\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Adblock Plus = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\

CHR - Extension: Google Search = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: RealDownloader = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\

CHR - Extension: Google Mail Checker = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\

CHR - Extension: Gmail = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/06/07 00:52:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1378216186-232563498-1211227599-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-1378216186-232563498-1211227599-1001..\Run: [Amazon Cloud Drive] C:\Users\James\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe ()

O4 - HKU\S-1-5-21-1378216186-232563498-1211227599-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

O4 - HKU\S-1-5-21-1378216186-232563498-1211227599-1001..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-1378216186-232563498-1211227599-1001..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1378216186-232563498-1211227599-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1378216186-232563498-1211227599-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.4.4 4.2.2.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D61E13FA-C188-4A35-A59A-E178DE70E486}: DhcpNameServer = 8.8.4.4 4.2.2.2

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/10/02 13:18:52 | 000,000,000 | R--D | M] - D:\autoplay -- [ UDF ]

O32 - AutoRun File - [2008/10/02 12:46:33 | 003,064,456 | R--- | M] (UBISOFT) - D:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2008/10/02 11:47:42 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/07 01:38:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe

[2013/06/07 00:52:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/06/07 00:35:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/06/07 00:35:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/06/07 00:35:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/06/07 00:35:23 | 000,000,000 | ---D | C] -- C:\ComboFix

[2013/06/07 00:35:21 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/06/07 00:35:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/06/07 00:32:17 | 005,077,996 | R--- | C] (Swearware) -- C:\Users\James\Desktop\ComboFix.exe

[2013/06/07 00:15:59 | 000,000,000 | ---D | C] -- C:\Users\James\mbar

[2013/06/07 00:12:34 | 000,000,000 | ---D | C] -- C:\Users\James\New folder

[2013/06/06 23:55:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2013/06/06 23:50:46 | 002,239,840 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\James\Desktop\tdsskiller.exe

[2013/06/06 12:14:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft

[2013/06/05 20:27:59 | 000,000,000 | RH-D | C] -- C:\Users\James\AppData\Roaming\SecuROM

[2013/06/05 18:25:53 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll

[2013/06/05 18:22:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}

[2013/05/15 03:00:45 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/05/15 03:00:45 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/05/15 03:00:45 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/05/15 03:00:44 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/05/15 03:00:44 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/05/15 03:00:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/05/15 03:00:44 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/05/15 03:00:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/05/15 03:00:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/05/15 03:00:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/05/15 03:00:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/05/15 03:00:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/05/15 03:00:41 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/05/15 03:00:41 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/05/15 03:00:41 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/05/14 16:40:00 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys

[2013/05/14 16:40:00 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

[2013/05/14 16:39:53 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll

[2013/05/14 16:39:53 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll

[2013/05/14 16:39:52 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll

[2013/05/14 16:39:52 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe

[2013/05/14 16:39:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\SysNative\

[2013/06/07 01:38:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe

[2013/06/07 01:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/06/07 01:06:09 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/06/07 01:06:09 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/06/07 01:05:20 | 000,890,839 | ---- | M] () -- C:\Users\James\Desktop\SecurityCheck.exe

[2013/06/07 01:05:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1378216186-232563498-1211227599-1001UA.job

[2013/06/07 00:59:20 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys

[2013/06/07 00:58:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/06/07 00:58:37 | 2082,299,903 | -HS- | M] () -- C:\hiberfil.sys

[2013/06/07 00:52:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/06/07 00:32:20 | 005,077,996 | R--- | M] (Swearware) -- C:\Users\James\Desktop\ComboFix.exe

[2013/06/06 23:50:48 | 002,239,840 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\James\Desktop\tdsskiller.exe

[2013/06/06 18:16:11 | 000,000,622 | ---- | M] () -- C:\Users\James\Desktop\Far Cry® 2 - Shortcut.lnk

[2013/06/06 16:27:49 | 000,000,355 | ---- | M] () -- C:\Users\James\Desktop\My Comp.lnk

[2013/06/06 12:18:54 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2013/06/06 12:18:46 | 002,250,024 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe

[2013/06/06 12:11:08 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1378216186-232563498-1211227599-1001Core.job

[2013/06/05 19:06:00 | 000,002,364 | ---- | M] () -- C:\Users\James\Desktop\Google Chrome.lnk

[2013/06/05 18:25:53 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll

[2013/06/05 18:08:40 | 000,002,628 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg

[2013/06/05 17:08:41 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/06/05 17:08:41 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/05/21 23:23:57 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2013/05/21 23:23:57 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2013/05/15 03:23:07 | 000,277,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/05/15 03:02:30 | 000,741,188 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/05/15 03:02:30 | 000,624,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/05/15 03:02:30 | 000,106,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/05/14 08:58:52 | 000,011,020 | ---- | M] () -- C:\Users\James\Desktop\VitalChek Order Receipt.htm

[2013/05/13 12:12:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Windows\SysNative\

[2013/06/07 01:05:19 | 000,890,839 | ---- | C] () -- C:\Users\James\Desktop\SecurityCheck.exe

[2013/06/07 00:35:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/06/07 00:35:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/06/07 00:35:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/06/07 00:35:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/06/07 00:35:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/06/06 18:16:11 | 000,000,622 | ---- | C] () -- C:\Users\James\Desktop\Far Cry® 2 - Shortcut.lnk

[2013/06/06 16:27:49 | 000,000,355 | ---- | C] () -- C:\Users\James\Desktop\My Comp.lnk

[2013/06/06 12:18:46 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2013/06/05 18:08:40 | 000,002,628 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg

[2013/05/14 08:58:52 | 000,011,020 | ---- | C] () -- C:\Users\James\Desktop\VitalChek Order Receipt.htm

[2012/12/19 14:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/12/19 14:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012/03/19 09:24:29 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/11/06 02:15:12 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/11/06 02:15:11 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011/10/15 13:40:00 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys

[2011/10/15 13:36:42 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll

[2011/10/15 13:34:01 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2011/10/15 13:34:00 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011/10/15 13:34:00 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011/10/15 13:34:00 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011/10/15 13:34:00 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011/10/15 13:31:30 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2013/06/06 12:12:44 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\L

[2013/06/06 23:57:41 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\U

[2013/06/05 16:47:27 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\L\00000004.@

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras.txt :

OTL Extras logfile created on: 6/7/2013 1:39:35 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\James\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16576)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.92 Gb Total Physical Memory | 5.90 Gb Available Physical Memory | 74.48% Memory free

15.84 Gb Paging File | 13.40 Gb Available in Paging File | 84.61% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 403.80 Gb Free Space | 43.35% Space Free | Partition Type: NTFS

Drive D: | 3.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"TCP Query User{710211F4-A318-402C-9529-DC590CC991D1}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"UDP Query User{DDB16FB7-CCF0-48A5-B593-4E146BA7FFCF}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager

"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes

"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2

"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64

"{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding

"{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French

"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech

"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21

"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{293FE8CE-376E-4F5E-B129-D3A2065F2EA7}" = Amazon Cloud Drive

"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK

"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B11.0512.1

"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1

"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English

"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0512.1

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4D5308D2-DC8E-4658-A37C-351000048100}" = Microsoft Flight

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1

"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3

"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian

"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai

"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center

"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®

"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker

"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish

"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard

"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)

"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War

"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean

"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish

"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia

"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common

"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional

"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller

"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash

"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All

"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian

"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish

"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2

"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Battlelog Web Plugins" = Battlelog Web Plugins

"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11

"Crysis WARHEAD®" = Crysis WARHEAD®

"ESN Sonar-0.70.4" = ESN Sonar

"GFWL_{4D5308D2-DC8E-4658-A37C-351000048100}" = Microsoft Flight

"Guild Wars 2" = Guild Wars 2

"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0512.1

"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller

"Logitech Vid" = Logitech Vid HD

"MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Origin" = Origin

"PunkBusterSvc" = PunkBuster Services

"RealPlayer 16.0" = RealPlayer

"Steam App 10" = Counter-Strike

"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes

"Steam App 12900" = Audiosurf

"Steam App 17410" = Mirror's Edge

"Steam App 22380" = Fallout: New Vegas

"Steam App 34330" = Total War: SHOGUN 2

"Steam App 550" = Left 4 Dead 2

"Steam App 80" = Counter-Strike: Condition Zero

"Steam App 8980" = Borderlands

"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1378216186-232563498-1211227599-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 3/31/2013 2:21:37 AM | Computer Name = James-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 3011

Error - 3/31/2013 2:21:37 AM | Computer Name = James-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 3011

Error - 3/31/2013 2:21:38 AM | Computer Name = James-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/31/2013 2:21:38 AM | Computer Name = James-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 4009

Error - 3/31/2013 2:21:38 AM | Computer Name = James-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 4009

Error - 3/31/2013 2:21:39 AM | Computer Name = James-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/31/2013 2:21:39 AM | Computer Name = James-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 5008

Error - 3/31/2013 2:21:39 AM | Computer Name = James-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 5008

Error - 3/31/2013 2:53:05 AM | Computer Name = James-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/31/2013 2:53:05 AM | Computer Name = James-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 998

[ Media Center Events ]

Error - 11/28/2011 2:11:19 PM | Computer Name = James-PC | Source = MCUpdate | ID = 0

Description = 12:11:19 PM - Error connecting to the internet. 12:11:19 PM - Unable

to contact server..

Error - 11/28/2011 3:15:57 PM | Computer Name = James-PC | Source = MCUpdate | ID = 0

Description = 1:15:57 PM - Error connecting to the internet. 1:15:57 PM - Unable

to contact server..

Error - 11/29/2011 12:55:38 PM | Computer Name = James-PC | Source = MCUpdate | ID = 0

Description = 10:55:38 AM - Error connecting to the internet. 10:55:38 AM - Unable

to contact server..

Error - 11/29/2011 1:55:43 PM | Computer Name = James-PC | Source = MCUpdate | ID = 0

Description = 11:55:43 AM - Error connecting to the internet. 11:55:43 AM - Unable

to contact server..

Error - 11/30/2011 12:39:08 AM | Computer Name = James-PC | Source = MCUpdate | ID = 0

Description = 10:39:08 PM - Error connecting to the internet. 10:39:08 PM - Unable

to contact server..

Error - 11/30/2011 12:39:14 AM | Computer Name = James-PC | Source = MCUpdate | ID = 0

Description = 10:39:13 PM - Error connecting to the internet. 10:39:13 PM - Unable

to contact server..

Error - 11/30/2011 1:39:18 AM | Computer Name = James-PC | Source = MCUpdate | ID = 0

Description = 11:39:18 PM - Error connecting to the internet. 11:39:18 PM - Unable

to contact server..

Error - 11/30/2011 1:39:23 AM | Computer Name = James-PC | Source = MCUpdate | ID = 0

Description = 11:39:23 PM - Error connecting to the internet. 11:39:23 PM - Unable

to contact server..

Error - 12/7/2011 12:41:57 AM | Computer Name = James-PC | Source = MCUpdate | ID = 0

Description = 10:41:57 PM - Error connecting to the internet. 10:41:57 PM - Unable

to contact server..

Error - 12/7/2011 12:42:02 AM | Computer Name = James-PC | Source = MCUpdate | ID = 0

Description = 10:42:02 PM - Error connecting to the internet. 10:42:02 PM - Unable

to contact server..

[ System Events ]

Error - 6/7/2013 1:00:21 AM | Computer Name = James-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Steam

Client Service service to connect.

Error - 6/7/2013 1:00:21 AM | Computer Name = James-PC | Source = Service Control Manager | ID = 7000

Description = The Steam Client Service service failed to start due to the following

error: %%1053

Error - 6/7/2013 1:35:13 AM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034

Description = The Skype C2C Service service terminated unexpectedly. It has done

this 1 time(s).

Error - 6/7/2013 1:42:12 AM | Computer Name = James-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 6/7/2013 1:46:52 AM | Computer Name = James-PC | Source = Application Popup | ID = 1060

Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

with this system. Please contact your software vendor for a compatible version

of the driver.

Error - 6/7/2013 1:47:45 AM | Computer Name = James-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 6/7/2013 1:47:48 AM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034

Description = The Process Monitor service terminated unexpectedly. It has done

this 1 time(s).

Error - 6/7/2013 1:48:41 AM | Computer Name = James-PC | Source = Service Control Manager | ID = 7023

Description = The WinDefend service terminated with the following error: %%5

Error - 6/7/2013 1:55:48 AM | Computer Name = James-PC | Source = Service Control Manager | ID = 7034

Description = The Process Monitor service terminated unexpectedly. It has done

this 1 time(s).

Error - 6/7/2013 1:58:51 AM | Computer Name = James-PC | Source = Service Control Manager | ID = 7023

Description = The WinDefend service terminated with the following error: %%5

< End of report >

1hyme2 · June 7, 2013

last two logs from ESETScan, wow that took a looong time

export to text file log :

C:\TDSSKiller_Quarantine\06.06.2013_23.53.34\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A.Gen trojan deleted - quarantined

C:\TDSSKiller_Quarantine\06.06.2013_23.53.34\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\06.06.2013_23.53.34\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.W trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\06.06.2013_23.53.34\zasubsys0000\zafs0000\tsk0006.dta Win64/Conedex.C trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\06.06.2013_23.53.34\zasubsys0000\zafs0000\tsk0008.dta Win64/Conedex.B trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\06.06.2013_23.53.34\zasubsys0000\zafs0000\tsk0009.dta Win64/Sirefef.AW trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\06.06.2013_23.53.34\zasubsys0000\zafs0000\tsk0010.dta a variant of Win32/Sirefef.FV trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\06.06.2013_23.53.34\zasubsys0000\zafs0000\tsk0011.dta a variant of Win64/Sirefef.AN trojan cleaned by deleting - quarantined

C:\Users\Public\Videos\potato things\jagx234\Desktop\james\dl\gb2beta-setup.exe probably unknown NewHeur_PE virus cleaned by deleting - quarantined

C:\Users\Public\Videos\potato things\jagx234\Desktop\james\dl\reginout_setup.exe multiple threats cleaned by deleting - quarantined

programfiles log :

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=4eff89f62263784eb697550eb08b1935

# engine=14015

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-06-07 10:04:25

# local_time=2013-06-07 05:04:25 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 29 0 79358254 0 0

# scanned=748834

# found=10

# cleaned=10

# scan_time=11283

sh=CCB938D9BEA1626D4786D96ED26A96EE392E314B ft=1 fh=0c5d2e9df5c5a0a5 vn="Win64/Patched.A.Gen trojan (deleted - quarantined)" ac=C fn="C:\TDSSKiller_Quarantine\06.06.2013_23.53.34\zasubsys0000\file0000\tsk0000.dta"

sh=1728444F6D66A543C4E38B92A9CC1D2D332B72F0 ft=1 fh=6bf8034f6983546b vn="Win32/Sirefef.EZ trojan (cleaned by deleting - quarantined)" ac=C fn="C:\TDSSKiller_Quarantine\06.06.2013_23.53.34\zasubsys0000\zafs0000\tsk0000.dta"

sh=A0E57BAC8B2A6FF64937D45029FF31FA0F873B30 ft=1 fh=bbc320f44d9ef8bc vn="Win64/Sirefef.W trojan (cleaned by deleting - quarantined)" ac=C fn="C:\TDSSKiller_Quarantine\06.06.2013_23.53.34\zasubsys0000\zafs0000\tsk0001.dta"

sh=46C1319EE38510C365A4226621DE30BDF7E462FF ft=1 fh=662930a683ab766b vn="Win64/Conedex.C trojan (cleaned by deleting - quarantined)" ac=C fn="C:\TDSSKiller_Quarantine\06.06.2013_23.53.34\zasubsys0000\zafs0000\tsk0006.dta"

sh=810E28D4E7B28D658DC48A82F0C65B46149AAE89 ft=1 fh=120d32a29875bbd8 vn="Win64/Conedex.B trojan (cleaned by deleting - quarantined)" ac=C fn="C:\TDSSKiller_Quarantine\06.06.2013_23.53.34\zasubsys0000\zafs0000\tsk0008.dta"

sh=061A3739739904F13A5B9ADCBF4AC2E8A3157B18 ft=1 fh=3f70b78fb0084ee4 vn="Win64/Sirefef.AW trojan (cleaned by deleting - quarantined)" ac=C fn="C:\TDSSKiller_Quarantine\06.06.2013_23.53.34\zasubsys0000\zafs0000\tsk0009.dta"

sh=B13BD8868B583578C5146AFB237DC55B85512158 ft=1 fh=cc5cb84c7733d7f0 vn="a variant of Win32/Sirefef.FV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\TDSSKiller_Quarantine\06.06.2013_23.53.34\zasubsys0000\zafs0000\tsk0010.dta"

sh=48C3E4403B2099D7CE9BBB89FF0F0CCBF77981F4 ft=1 fh=1d52409ede4e2f84 vn="a variant of Win64/Sirefef.AN trojan (cleaned by deleting - quarantined)" ac=C fn="C:\TDSSKiller_Quarantine\06.06.2013_23.53.34\zasubsys0000\zafs0000\tsk0011.dta"

sh=638C4FD585025BF34A1FF4403321512543B90743 ft=1 fh=4d80609fb8ffe871 vn="probably unknown NewHeur_PE virus (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Public\Videos\potato things\jagx234\Desktop\james\dl\gb2beta-setup.exe"

sh=700E799BEC18B763DC50FC4EF9AC10E2255FB260 ft=1 fh=07cd96e938ab64d2 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Public\Videos\potato things\jagx234\Desktop\james\dl\reginout_setup.exe"

1hyme2 · June 7, 2013

Also, there was a "delete quarantined files" option that wasn't in the directions, so I didn't do it. But it nags me like maybe I should have?

D-FRED-BROWN · June 7, 2013

Also, there was a "delete quarantined files" option that wasn't in the directions, so I didn't do it. But it nags me like maybe I should have?

I wouldn't worry about it- all the major threats it detected were already quarantined by TDSSKiller .

--------------------

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the

textbox.

:OTL
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2013/06/06 12:12:44 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\L
[2013/06/06 23:57:41 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\U
[2013/06/05 16:47:27 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\L\00000004.@
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.

1hyme2 · June 7, 2013

here is the mbam log, will run the otl fix next :

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.06.07.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16576

James :: JAMES-PC [administrator]

6/7/2013 5:52:45 AM

MBAM-log-2013-06-07 (12-34-41).txt

Scan type: Full scan (C:\|Q:\|)

Scan options disabled: P2P

Objects scanned: 954172

Time elapsed: 1 hour(s), 33 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\James\Desktop\dl\etype_setup.exe (PUP.BundleInstaller.IB) -> No action taken.

C:\Users\Public\Videos\potato things\jagx234\Desktop\james\dl\media.player.codec.pack.v3.9.6.setup.exe (PUP.Dealio.TB) -> No action taken.

(end)

1hyme2 · June 7, 2013

OTL fix log:

All processes killed

========== OTL ==========

C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP\WiseCustomCalla.dll deleted successfully.

C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP folder deleted successfully.

C:\Windows\msdownld.tmp folder deleted successfully.

C:\Windows\Installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\L folder moved successfully.

C:\Windows\Installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\U folder moved successfully.

File C:\Windows\Installer\{d7dc0b73-a22a-9667-5b1c-56b926773dbd}\L\00000004.@ not found.

C:\Windows\assembly\Desktop.ini moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: James

->Temp folder emptied: 1496391 bytes

->Temporary Internet Files folder emptied: 15348358 bytes

->Java cache emptied: 22342018 bytes

->Google Chrome cache emptied: 481722989 bytes

->Flash cache emptied: 105270 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 245617 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78039 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 497.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: James

->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: James

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06072013_124159

Files\Folders moved on Reboot...

C:\Users\James\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

1hyme2 · June 7, 2013

I keep trying to download mbar, and i keep getting an empty folder after extraction. With all of the things that have been removed, is there still something blocking it? I dont have any other zipped files on my computer to even test if I am messing up somewhere, but I've unzipped hundreds of files before. I'd like to think I can easily do something that basic, but it keeps failing...

1hyme2 · June 7, 2013

I also can't find the edit option, so must make a new post. Windows defender still won't turn on, and I can't find security essentials anywhere to turn on instead, must not have it. Is something I have downloaded from here running real time protection now?

D-FRED-BROWN · June 7, 2013

I keep trying to download mbar, and i keep getting an empty folder after extraction. With all of the things that have been removed, is there still something blocking it? I dont have any other zipped files on my computer to even test if I am messing up somewhere, but I've unzipped hundreds of files before. I'd like to think I can easily do something that basic, but it keeps failing...

Try downloading it and extracting it on a different computer, and then just copy over the files via a USB flash drive.

I also can't find the edit option, so must make a new post. Windows defender still won't turn on, and I can't find security essentials anywhere to turn on instead, must not have it. Is something I have downloaded from here running real time protection now?

I wouldn't worry about Windows Defender for now- let's focus on clearing out the main infection (which may actually be responsible for blocking Windows Defender), and then we'll worry about getting it again.

For now, see if you can transfer MBAR over. Let me know how it goes.

1hyme2 · June 8, 2013

<div>Malwarebytes Anti-Rootkit BETA 1.06.0.1003</div>

<div>www.malwarebytes.org</div>

<div>Database version: v2013.06.07.10</div>

<div>Windows 7 Service Pack 1 x64 FAT</div>

<div>Internet Explorer 10.0.9200.16576</div>

<div>James :: JAMES-PC [administrator]</div>

<div>Scan type: Quick scan</div>

<div>Scan options disabled: Deep Anti-Rootkit Scan | PUP</div>

<div>Objects scanned: 232760</div>

<div>Time elapsed: 6 minute(s), 53 second(s)</div>

<div>Memory Processes Detected: 0</div>