
Been locking up, then Bluescreened... Help!?

Discussion in 'Virus & Other Malware Removal' started by norgalis, Jun 22, 2012.

  1. norgalis

    norgalis Thread Starter

    Joined:
    Jul 5, 2006
    Messages:
    113
    Whoa, my PC's been locking up a lot lately, and it bluescreened earlier. I haven't been here in some time, and was hoping this community was still active! Would you help, please? Here's my HJT log...

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:56:31 AM, on 6/22/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\PROGRA~2\AD-AWA~1\AdAware.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://idp.socal.safemls.net/idp/Authn/UserPassword
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
    O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
    O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Spotify] "C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NitroPDFDriverCreatorReadSpool2 (NitroDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
    O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RosettaStoneDaemon - Rosetta Stone Ltd. - C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: wordpressApache - Apache Software Foundation - C:\PROGRA~1\BITNAM~1\apache2\bin\httpd.exe
    O23 - Service: wordpressMySQL - Unknown owner - C:\Program Files\BitNami WordPress Stack\mysql\bin\mysqld.exe

    --
    End of file - 14663 bytes

    Warm Regards,
    Norgalis
     
  2. norgalis

    norgalis Thread Starter

    Joined:
    Jul 5, 2006
    Messages:
    113
    bumped?
     
  3. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    Please download DDS from either of these links

    LINK 1
    LINK 2

    and save it to your desktop.
    • Disable any script blocking protection
    • Right-click and Run as Administrator dds to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.
    ---------------------------------------------------
    Please include the contents of the following in your next reply:

    DDS.txt

    Attach.txt
    ----------

    Please download aswMBR to your desktop.

    • Right click and Run as Administrator the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

    ----------

    In your next reply please post the logs made by DDS and aswMBR.exe :)
     
  4. norgalis

    norgalis Thread Starter

    Joined:
    Jul 5, 2006
    Messages:
    113
    Thank You!

    Here is DDS.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
    Run by Owner at 12:13:07 on 2012-06-28
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2289 [GMT -7:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
    C:\Windows\SysWOW64\NLSSRV32.EXE
    C:\Program Files\Core Temp\Core Temp.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\Explorer.EXE
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\PROGRA~1\BITNAM~1\apache2\bin\httpd.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\PROGRA~1\BITNAM~1\apache2\bin\httpd.exe
    C:\Program Files\BitNami WordPress Stack\mysql\bin\mysqld.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k HPService
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\msiexec.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://idp.socal.safemls.net/idp/Authn/UserPassword
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    mWinlogon: Userinit=userinit.exe
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    uRun: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
    uRun: [Spotify Web Helper] "C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [Spotify] "C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{A1276109-6B98-4FB0-B58B-5A6E3D6C60DE} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{FDE70ECB-A23E-4282-A4AC-1B1A774F6F91} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{FDE70ECB-A23E-4282-A4AC-1B1A774F6F91}\C696E6B6379737 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wbhqclo9.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.wikipedia.org/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2011-11-2 341280]
    R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-11-2 68896]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-7 2214504]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    R2 wordpressApache;wordpressApache;C:\PROGRA~1\BITNAM~1\apache2\bin\httpd.exe [2011-9-29 20549]
    R2 wordpressMySQL;wordpressMySQL;C:\Program Files\BitNami WordPress Stack\mysql\bin\mysqld.exe [2011-9-29 6107136]
    R3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\system32\DRIVERS\AE2500w764.sys --> C:\Windows\system32\DRIVERS\AE2500w764.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    RUnknown SbFw;SbFw; [x]
    RUnknown SBFWIMCLMP;SBFWIMCLMP; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29 136176]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-1-7 17152]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]
    S3 rt61x64;Linksys Wireless-G PCI Adapter Driver;C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys --> C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys [?]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    SUnknown sbhips;sbhips; [x]
    .
    =============== Created Last 30 ================
    .
    2012-06-28 19:08:06 -------- d-----w- C:\ProgramData\GFI Software
    2012-06-25 17:41:02 -------- d-----w- C:\Program Files\Core Temp
    2012-06-23 20:33:28 -------- d-----w- C:\Users\Owner\AppData\Local\Macromedia
    2012-06-22 17:47:53 388096 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-06-22 17:47:52 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-06-21 01:16:33 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-21 01:15:52 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-21 01:15:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-21 01:15:09 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-17 23:50:06 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-06-17 23:50:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-06-17 22:07:20 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{92B8BA65-5854-40F7-B493-DDE79626FEC2}\mpengine.dll
    2012-06-14 20:58:26 -------- d-----w- C:\Users\Owner\AppData\Local\adawarebp
    2012-06-14 04:54:43 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-14 04:54:02 525312 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
    2012-06-14 04:54:01 505344 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
    2012-06-14 04:52:53 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-06-14 04:52:48 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-06-14 04:52:45 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-06-14 04:52:42 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-06-14 04:52:38 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-14 04:52:35 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-06-14 04:52:34 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-06-14 04:52:11 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-06-14 04:52:10 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-06-14 04:52:10 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-06-14 04:52:10 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-06-14 04:52:09 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-06-14 04:52:09 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-06-11 21:55:15 -------- d-----w- C:\Users\Owner\AppData\Local\Spotify
    2012-06-11 21:54:56 -------- d-----w- C:\Users\Owner\AppData\Roaming\Spotify
    2012-06-11 01:50:01 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-11 01:50:01 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    .
    ==================== Find3M ====================
    .
    2012-06-23 03:03:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-23 03:03:16 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 12:15:46.58 ===============


    Here is ATTACH.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/7/2011 1:50:16 PM
    System Uptime: 6/28/2012 11:26:04 AM (1 hours ago)
    .
    Motherboard: XFX | | MI-A78S-8209
    Processor: AMD Phenom(tm) 8650 Triple-Core Processor | CPU 1 | 2300/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 279 GiB total, 42.271 GiB free.
    D: is CDROM ()
    E: is CDROM (UDF)
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C4700 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C4700 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Photosmart C4700 series
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Photosmart C4700 series
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    ==== System Restore Points ===================
    .
    RP177: 6/22/2012 10:46:24 AM - Installed HiJackThis
    RP178: 6/28/2012 11:40:50 AM - Removed Rosetta Stone Homeschool
    RP179: 6/28/2012 11:43:20 AM - Removed Rosetta Stone Homeschool
    RP180: 6/28/2012 11:49:43 AM - Removed Rosetta Stone Ltd Services
    RP181: 6/28/2012 11:52:15 AM - Removed Rosetta Stone TOTALe
    RP182: 6/28/2012 11:52:41 AM - Removed Rosetta Stone TOTALe
    RP183: 6/28/2012 11:57:02 AM - Removed Snagit 10.0.1
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    Ad-Aware Browsing Protection
    Adobe AIR
    Adobe Community Help
    Adobe Download Assistant
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS5.1
    Adobe Photoshop Elements 9
    Adobe Photoshop.com Inspiration Browser
    Adobe Reader X (10.1.3)
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Apple Application Support
    Apple Software Update
    Assassin's Creed
    Baldur's Gate(TM) II - Shadows of Amn(TM)
    BitNami WordPress Stack
    BufferChm
    Business Contact Manager for Outlook 2007 SP2
    C4700
    Counter-Strike: Source
    Coupon Printer for Windows
    Crysis(R)
    D3DX10
    DAEMON Tools Lite
    Destinations
    DeviceDiscovery
    Dino D-Day
    Dragon Age II
    Dragon Age: Origins
    Dungeon and Dragons: Neverwinter Nights Complete
    Elements 9 Organizer
    Elements STI Installer
    F.E.A.R. 2: Project Origin
    F.E.A.R. 3
    FranklinCovey Forms Wizard
    Google Apps Migration For Microsoft Outlook® 2.3.12.34
    Google Apps Sync™ for Microsoft Outlook® 3.1.94.203
    Google Update Helper
    GPBaseService2
    Half-Life 2
    Half-Life 2: Deathmatch
    Hewlett-Packard ACLM.NET v1.1.0.0
    HiJackThis
    HP Photo Creations
    HP Product Detection
    HP Update
    HPDiagnosticAlert
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    Java Auto Updater
    Java(TM) 6 Update 26
    Junk Mail filter update
    L.A. Noire
    L.A. Noire: The Complete Edition
    Left 4 Dead
    MarketResearch
    Mesh Runtime
    Messenger Companion
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Accounting 2007
    Microsoft Office Accounting ADP Payroll Addin
    Microsoft Office Accounting Equifax Addin
    Microsoft Office Accounting Fixed Asset Manager
    Microsoft Office Accounting PayPal Addin
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Oblivion
    PDF Settings CS5
    PrimoPDF -- brought to you by Nitro PDF Software
    PS_AIO_06_C4700_SW_Min
    PunkBuster Services
    QuickTime
    QuickTransfer
    Realtek High Definition Audio Driver
    Rockstar Games Social Club
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    ShufflePlusVLOI
    SmartWebPrinting
    SolutionCenter
    Spotify
    Status
    Steam
    The Elder Scrolls V: Skyrim
    Toolbox
    TrayApp
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VLC media player 1.1.9
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    zipForm6
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/28/2012 12:10:03 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
    6/28/2012 12:10:03 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
    6/28/2012 12:10:03 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
    6/28/2012 11:22:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/28/2012 11:22:30 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    6/28/2012 11:07:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/28/2012 11:07:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/28/2012 11:07:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    6/28/2012 11:07:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    6/28/2012 11:07:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/28/2012 11:07:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/28/2012 11:00:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache kl2 KLIF KLIM6 NetBIOS NetBT nsiproxy Psched rdbss SbFw spldr sptd tdx vwififlt Wanarpv6 WfpLwf
    6/28/2012 11:00:28 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/28/2012 11:00:28 AM, Error: Service Control Manager [7001] - The wordpressApache service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/28/2012 11:00:28 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/28/2012 11:00:28 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    6/28/2012 11:00:28 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/28/2012 11:00:28 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/28/2012 11:00:28 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    6/28/2012 11:00:28 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/28/2012 11:00:28 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/28/2012 11:00:28 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/28/2012 11:00:28 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/28/2012 11:00:03 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    6/26/2012 10:32:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    6/26/2012 10:29:33 AM, Error: Service Control Manager [7022] - The Kaspersky Anti-Virus Service service hung on starting.
    6/22/2012 10:42:38 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa800453dfb2, 0x0000000000000000, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062212-24086-01.
    6/21/2012 3:43:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ad-Aware service to connect.
    6/21/2012 3:43:09 PM, Error: Service Control Manager [7000] - The Ad-Aware service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/21/2012 3:43:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service SBAMSvc with arguments "" in order to run the server: {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43}
    .
    ==== End Of File ===========================


    Here is aswMBR.txt

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-28 12:19:54
    -----------------------------
    12:19:54.141 OS Version: Windows x64 6.1.7601 Service Pack 1
    12:19:54.141 Number of processors: 3 586 0x203
    12:19:54.142 ComputerName: OWNER-PC UserName: Owner
    12:19:55.601 Initialize success
    12:20:04.134 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
    12:20:04.136 Disk 0 Vendor: Maxtor_6L300S0 BACE1G20 Size: 286188MB BusType: 3
    12:20:04.143 Disk 0 MBR read successfully
    12:20:04.145 Disk 0 MBR scan
    12:20:04.147 Disk 0 Windows 7 default MBR code
    12:20:04.149 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286173 MB offset 63
    12:20:04.160 Disk 0 scanning C:\Windows\system32\drivers
    12:20:11.427 Service scanning
    12:20:24.959 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    12:20:29.847 Modules scanning
    12:20:29.853 Disk 0 trace - called modules:
    12:20:29.865 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039a92c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    12:20:29.868 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800495c060]
    12:20:29.872 3 CLASSPNP.SYS[fffff8800200143f] -> nt!IofCallDriver -> [0xfffffa8003aff520]
    12:20:30.201 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8003b02680]
    12:20:30.206 \Driver\atapi[0xfffffa8003adbe70] -> IRP_MJ_CREATE -> 0xfffffa80039a92c0
    12:20:30.210 Scan finished successfully
    12:20:36.664 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
    12:20:36.669 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
     
  5. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • when the window opens, click on Change Parameters
    • under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
    • click OK
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Attach the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    ----------
     
  6. norgalis

    norgalis Thread Starter

    Joined:
    Jul 5, 2006
    Messages:
    113
    13:58:34.0564 2600 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
    13:58:34.0944 2600 ============================================================
    13:58:34.0944 2600 Current date / time: 2012/06/28 13:58:34.0944
    13:58:34.0944 2600 SystemInfo:
    13:58:34.0944 2600
    13:58:34.0944 2600 OS Version: 6.1.7601 ServicePack: 1.0
    13:58:34.0944 2600 Product type: Workstation
    13:58:34.0944 2600 ComputerName: OWNER-PC
    13:58:34.0944 2600 UserName: Owner
    13:58:34.0944 2600 Windows directory: C:\Windows
    13:58:34.0944 2600 System windows directory: C:\Windows
    13:58:34.0944 2600 Running under WOW64
    13:58:34.0944 2600 Processor architecture: Intel x64
    13:58:34.0944 2600 Number of processors: 3
    13:58:34.0944 2600 Page size: 0x1000
    13:58:34.0944 2600 Boot type: Normal boot
    13:58:34.0944 2600 ============================================================
    13:58:36.0382 2600 Drive \Device\Harddisk0\DR0 - Size: 0x45DECD2000 (279.48 Gb), SectorSize: 0x200, Cylinders: 0x8E83, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    13:58:36.0382 2600 ============================================================
    13:58:36.0382 2600 \Device\Harddisk0\DR0:
    13:58:36.0382 2600 MBR partitions:
    13:58:36.0382 2600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEEBC3
    13:58:36.0382 2600 ============================================================
    13:58:36.0413 2600 C: <-> \Device\Harddisk0\DR0\Partition0
    13:58:36.0413 2600 ============================================================
    13:58:36.0413 2600 Initialize success
    13:58:36.0413 2600 ============================================================
    13:58:52.0824 6544 ============================================================
    13:58:52.0824 6544 Scan started
    13:58:52.0824 6544 Mode: Manual; TDLFS;
    13:58:52.0824 6544 ============================================================
    13:58:53.0901 6544 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    13:58:53.0916 6544 1394ohci - ok
    13:58:54.0010 6544 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    13:58:54.0010 6544 ACPI - ok
    13:58:54.0010 6544 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    13:58:54.0010 6544 AcpiPmi - ok
    13:58:54.0150 6544 AdobeActiveFileMonitor9.0 (1474f121c3df1232d3e7239c03691ee6) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    13:58:54.0150 6544 AdobeActiveFileMonitor9.0 - ok
    13:58:54.0275 6544 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    13:58:54.0275 6544 AdobeARMservice - ok
    13:58:54.0416 6544 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    13:58:54.0416 6544 AdobeFlashPlayerUpdateSvc - ok
    13:58:54.0478 6544 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
    13:58:54.0494 6544 adp94xx - ok
    13:58:54.0572 6544 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
    13:58:54.0572 6544 adpahci - ok
    13:58:54.0618 6544 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
    13:58:54.0618 6544 adpu320 - ok
    13:58:54.0665 6544 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    13:58:54.0665 6544 AeLookupSvc - ok
    13:58:54.0728 6544 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    13:58:54.0743 6544 AFD - ok
    13:58:54.0790 6544 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    13:58:54.0790 6544 agp440 - ok
    13:58:54.0946 6544 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
    13:58:54.0946 6544 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
    13:58:54.0962 6544 Akamai ( HiddenFile.Multi.Generic ) - warning
    13:58:54.0962 6544 Akamai - detected HiddenFile.Multi.Generic (1)
    13:58:55.0055 6544 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    13:58:55.0055 6544 ALG - ok
    13:58:55.0118 6544 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    13:58:55.0118 6544 aliide - ok
    13:58:55.0289 6544 ALSysIO - ok
    13:58:55.0305 6544 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    13:58:55.0305 6544 amdide - ok
    13:58:55.0367 6544 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
    13:58:55.0367 6544 AmdK8 - ok
    13:58:55.0398 6544 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    13:58:55.0398 6544 AmdPPM - ok
    13:58:55.0414 6544 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    13:58:55.0414 6544 amdsata - ok
    13:58:55.0445 6544 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
    13:58:55.0445 6544 amdsbs - ok
    13:58:55.0461 6544 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    13:58:55.0461 6544 amdxata - ok
    13:59:08.0705 6544 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    13:59:08.0721 6544 RasAuto - ok
    13:59:08.0736 6544 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    13:59:08.0736 6544 Rasl2tp - ok
    13:59:08.0768 6544 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    13:59:08.0783 6544 RasMan - ok
    13:59:08.0814 6544 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    13:59:08.0814 6544 RasPppoe - ok
    13:59:08.0830 6544 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    13:59:08.0846 6544 RasSstp - ok
    13:59:08.0861 6544 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    13:59:08.0861 6544 rdbss - ok
    13:59:08.0877 6544 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
    13:59:08.0877 6544 rdpbus - ok
    13:59:08.0908 6544 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    13:59:08.0908 6544 RDPCDD - ok
    13:59:08.0924 6544 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    13:59:08.0924 6544 RDPENCDD - ok
    13:59:08.0939 6544 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    13:59:08.0939 6544 RDPREFMP - ok
    13:59:08.0970 6544 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
    13:59:08.0986 6544 RDPWD - ok
    13:59:09.0017 6544 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    13:59:09.0017 6544 rdyboost - ok
    13:59:09.0126 6544 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    13:59:09.0142 6544 RemoteAccess - ok
    13:59:09.0158 6544 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    13:59:09.0158 6544 RemoteRegistry - ok
    13:59:09.0220 6544 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    13:59:09.0220 6544 RpcEptMapper - ok
    13:59:09.0267 6544 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    13:59:09.0267 6544 RpcLocator - ok
    13:59:09.0282 6544 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    13:59:09.0298 6544 RpcSs - ok
    13:59:09.0314 6544 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    13:59:09.0314 6544 rspndr - ok
    13:59:09.0360 6544 rt61x64 (60eb8a87357ca5b088b422d1e55a2405) C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys
    13:59:09.0376 6544 rt61x64 - ok
    13:59:09.0407 6544 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    13:59:09.0407 6544 SamSs - ok
    13:59:09.0438 6544 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    13:59:09.0438 6544 sbp2port - ok
    13:59:09.0485 6544 SBRE - ok
    13:59:09.0501 6544 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    13:59:09.0516 6544 SCardSvr - ok
    13:59:09.0548 6544 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    13:59:09.0548 6544 scfilter - ok
    13:59:09.0579 6544 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    13:59:09.0610 6544 Schedule - ok
    13:59:09.0657 6544 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    13:59:09.0657 6544 SCPolicySvc - ok
    13:59:09.0672 6544 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    13:59:09.0688 6544 SDRSVC - ok
    13:59:09.0719 6544 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    13:59:09.0719 6544 secdrv - ok
    13:59:09.0735 6544 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    13:59:09.0750 6544 seclogon - ok
    13:59:09.0766 6544 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    13:59:09.0766 6544 SENS - ok
    13:59:09.0797 6544 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    13:59:09.0813 6544 SensrSvc - ok
    13:59:09.0860 6544 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    13:59:09.0860 6544 Serenum - ok
    13:59:09.0875 6544 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    13:59:09.0875 6544 Serial - ok
    13:59:09.0906 6544 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
    13:59:09.0906 6544 sermouse - ok
    13:59:09.0969 6544 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    13:59:09.0984 6544 SessionEnv - ok
    13:59:10.0000 6544 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    13:59:10.0000 6544 sffdisk - ok
    13:59:10.0016 6544 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    13:59:10.0016 6544 sffp_mmc - ok
    13:59:10.0031 6544 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    13:59:10.0031 6544 sffp_sd - ok
    13:59:10.0047 6544 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
    13:59:10.0047 6544 sfloppy - ok
    13:59:10.0094 6544 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    13:59:10.0109 6544 SharedAccess - ok
    13:59:10.0140 6544 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    13:59:10.0156 6544 ShellHWDetection - ok
    13:59:10.0187 6544 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
    13:59:10.0187 6544 SiSRaid2 - ok
    13:59:10.0218 6544 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
    13:59:10.0218 6544 SiSRaid4 - ok
    13:59:10.0234 6544 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    13:59:10.0234 6544 Smb - ok
    13:59:10.0265 6544 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    13:59:10.0265 6544 SNMPTRAP - ok
    13:59:10.0281 6544 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    13:59:10.0281 6544 spldr - ok
    13:59:10.0312 6544 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    13:59:10.0312 6544 Spooler - ok
    13:59:10.0421 6544 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    13:59:10.0437 6544 sppsvc - ok
    13:59:10.0530 6544 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    13:59:10.0577 6544 sppuinotify - ok
    13:59:10.0702 6544 sptd (d519ad2de7968cd2b47fea807c5b29b2) C:\Windows\System32\Drivers\sptd.sys
    13:59:10.0702 6544 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: d519ad2de7968cd2b47fea807c5b29b2
    13:59:10.0702 6544 sptd ( LockedFile.Multi.Generic ) - warning
    13:59:10.0702 6544 sptd - detected LockedFile.Multi.Generic (1)
    13:59:16.0692 6544 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    13:59:16.0880 6544 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    13:59:16.0880 6544 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    13:59:16.0911 6544 Boot (0x1200) (090e8221348536bf8b73adb7e63f4a39) \Device\Harddisk0\DR0\Partition0
    13:59:16.0911 6544 \Device\Harddisk0\DR0\Partition0 - ok
    13:59:16.0911 6544 ============================================================
    13:59:16.0911 6544 Scan finished
    13:59:16.0911 6544 ============================================================
    13:59:16.0926 4664 Detected object count: 3
    13:59:16.0926 4664 Actual detected object count: 3
    13:59:40.0420 4664 c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll - copied to quarantine
    13:59:40.0420 4664 Akamai ( HiddenFile.Multi.Generic ) - User select action: Quarantine
    13:59:40.0748 4664 C:\Windows\System32\Drivers\sptd.sys - copied to quarantine
    13:59:40.0748 4664 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
    13:59:40.0779 4664 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
    13:59:40.0779 4664 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
    13:59:40.0779 4664 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
    13:59:40.0779 4664 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    13:59:40.0779 4664 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    13:59:40.0779 4664 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    13:59:40.0779 4664 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    13:59:40.0779 4664 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    13:59:40.0794 4664 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    13:59:40.0794 4664 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    13:59:40.0794 4664 \Device\Harddisk0\DR0\TDLFS\dkmks.tmp - copied to quarantine
    13:59:40.0794 4664 \Device\Harddisk0\DR0\TDLFS\r.dll - copied to quarantine
    13:59:40.0794 4664 \Device\Harddisk0\DR0\TDLFS\socks.dll - copied to quarantine
    13:59:40.0794 4664 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
     
  7. norgalis

    norgalis Thread Starter

    Joined:
    Jul 5, 2006
    Messages:
    113
    3 suspicious items were found; do I delete or quarantine them?
     
  8. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    No, everything looks good now with the TDSSKiller log. :)
    ---------

    Download Combofix from either of the links below, and save it to your desktop.
    Link 1
    Link 2

    **Note: It is important that it is saved directly to your desktop**
    If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    --------------------------------------------------------------------

    Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.
     
  9. norgalis

    norgalis Thread Starter

    Joined:
    Jul 5, 2006
    Messages:
    113
    Yes sir, here it is!

    ComboFix 12-06-28.03 - Owner 06/30/2012 0:10.1.3 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2522 [GMT -7:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\Owner\AppData\Local\assembly\tmp
    c:\users\Owner\g2mdlhlpx.exe
    c:\users\Owner\GoToAssistDownloadHelper.exe
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\WanPacket.dll
    c:\windows\SysWow64\wpcap.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-29 18:23 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE0073EE-8375-4CB4-857B-FFCC8731DD8C}\mpengine.dll
    2012-06-28 20:59 . 2012-06-28 20:59 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-28 19:08 . 2012-06-28 19:08 -------- d-----w- c:\programdata\GFI Software
    2012-06-25 17:41 . 2012-06-26 00:50 -------- d-----w- c:\program files\Core Temp
    2012-06-23 20:33 . 2012-06-23 20:33 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia
    2012-06-22 17:47 . 2012-06-22 17:47 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-06-22 17:47 . 2012-06-22 17:47 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-06-21 01:16 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 01:16 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 01:16 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 01:16 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 01:15 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 01:15 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 01:15 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 01:15 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 01:15 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-17 23:50 . 2012-06-28 19:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-06-17 23:50 . 2012-06-28 19:04 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2012-06-14 20:58 . 2012-06-14 20:58 -------- d-----w- c:\users\Owner\AppData\Local\adawarebp
    2012-06-14 04:54 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-14 04:54 . 2012-04-20 04:57 525312 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
    2012-06-14 04:54 . 2012-04-20 05:42 505344 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
    2012-06-14 04:52 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-14 04:52 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-14 04:52 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-14 04:52 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-14 04:52 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-14 04:52 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-14 04:52 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-14 04:52 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-14 04:52 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-14 04:52 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-14 04:52 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-14 04:52 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-14 04:52 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-11 21:55 . 2012-06-28 23:50 -------- d-----w- c:\users\Owner\AppData\Local\Spotify
    2012-06-11 21:54 . 2012-06-29 17:23 -------- d-----w- c:\users\Owner\AppData\Roaming\Spotify
    2012-06-11 01:50 . 2012-06-11 01:50 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-11 01:50 . 2012-06-11 01:50 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-23 03:03 . 2012-03-31 20:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-23 03:03 . 2011-05-15 21:56 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
    "Spotify Web Helper"="c:\users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-28 1192664]
    "Spotify"="c:\users\Owner\AppData\Roaming\Spotify\spotify.exe" [2012-06-28 7609560]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29 136176]
    R2 wordpressMySQL;wordpressMySQL;c:\program files\BitNami WordPress Stack\mysql\bin\mysqld.exe [2011-02-12 6107136]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29 136176]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-01-08 17152]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    R3 rt61x64;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x64.sys [2010-04-07 446304]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-07 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2011-11-02 341280]
    S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-11-02 68896]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    S2 wordpressApache;wordpressApache;c:\progra~1\BITNAM~1\apache2\bin\httpd.exe [2011-05-20 20549]
    S3 ALSysIO;ALSysIO;c:\users\Owner\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys [2011-03-29 1254464]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    Akamai REG_MULTI_SZ Akamai
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
    2010-11-21 03:24 302592 ----a-w- c:\windows\System32\cmd.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 03:03]
    .
    2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29 21:03]
    .
    2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29 21:03]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://idp.socal.safemls.net/idp/Authn/UserPassword
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wbhqclo9.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.wikipedia.org/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&q=
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-SRS Audio Sandbox - c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-368456794-1414431617-1097662150-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-06-30 00:21:41
    ComboFix-quarantined-files.txt 2012-06-30 07:21
    ComboFix2.txt 2011-05-05 03:01
    ComboFix3.txt 2011-04-01 06:44
    ComboFix4.txt 2009-02-25 08:54
    ComboFix5.txt 2012-06-30 07:07
    .
    Pre-Run: 44,787,507,200 bytes free
    Post-Run: 47,380,828,160 bytes free
    .
    - - End Of File - - D8F2FBCCAB3675AC5CF9861510484B49
     
  10. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      Code:
      ClearJavaCache::
      
      DDS::
      uStart Page = hxxp://idp.socal.safemls.net/idp/Authn/UserPassword
      uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
      TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
      TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
      
      Firefox::
      FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wbhqclo9.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://www.wikipedia.org/
      FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&q=
      
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

      [IMG: screenshot]
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------
     
  11. norgalis

    norgalis Thread Starter

    Joined:
    Jul 5, 2006
    Messages:
    113
    Here it is, sir. Thank you.

    ComboFix 12-06-28.03 - Owner 06/30/2012 17:39:38.2.3 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2115 [GMT -7:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\users\Owner\Desktop\CFScript.txt
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-01 00:46 . 2012-07-01 00:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-01 00:46 . 2012-07-01 00:46 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-07-01 00:46 . 2012-07-01 00:46 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-30 07:16 . 2012-06-30 07:16 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE0073EE-8375-4CB4-857B-FFCC8731DD8C}\offreg.dll
    2012-06-29 18:23 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE0073EE-8375-4CB4-857B-FFCC8731DD8C}\mpengine.dll
    2012-06-28 20:59 . 2012-06-28 20:59 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-28 19:08 . 2012-06-28 19:08 -------- d-----w- c:\programdata\GFI Software
    2012-06-25 17:41 . 2012-06-26 00:50 -------- d-----w- c:\program files\Core Temp
    2012-06-23 20:33 . 2012-06-23 20:33 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia
    2012-06-22 17:47 . 2012-06-22 17:47 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-06-22 17:47 . 2012-06-22 17:47 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-06-21 01:16 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 01:16 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 01:16 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 01:16 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 01:15 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 01:15 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 01:15 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 01:15 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 01:15 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-17 23:50 . 2012-06-28 19:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-06-17 23:50 . 2012-06-28 19:04 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2012-06-14 20:58 . 2012-06-14 20:58 -------- d-----w- c:\users\Owner\AppData\Local\adawarebp
    2012-06-14 04:54 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-14 04:54 . 2012-04-20 04:57 525312 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
    2012-06-14 04:54 . 2012-04-20 05:42 505344 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
    2012-06-14 04:52 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-14 04:52 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-14 04:52 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-14 04:52 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-14 04:52 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-14 04:52 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-14 04:52 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-14 04:52 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-14 04:52 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-14 04:52 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-14 04:52 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-14 04:52 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-14 04:52 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-11 21:55 . 2012-06-28 23:50 -------- d-----w- c:\users\Owner\AppData\Local\Spotify
    2012-06-11 21:54 . 2012-06-29 17:23 -------- d-----w- c:\users\Owner\AppData\Roaming\Spotify
    2012-06-11 01:50 . 2012-06-11 01:50 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-11 01:50 . 2012-06-11 01:50 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-23 03:03 . 2012-03-31 20:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-23 03:03 . 2011-05-15 21:56 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-06-30_07.18.50 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2011-05-07 20:47 . 2012-06-29 18:22 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-05-07 20:47 . 2012-06-30 12:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-05-07 20:47 . 2012-06-30 12:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-05-07 20:47 . 2012-06-29 18:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-06-29 18:22 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-06-30 12:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-05-07 22:04 . 2012-07-01 00:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-05-07 22:04 . 2012-06-30 07:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-05-07 22:04 . 2012-07-01 00:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-05-07 22:04 . 2012-06-30 07:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
    "Spotify Web Helper"="c:\users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-28 1192664]
    "Spotify"="c:\users\Owner\AppData\Roaming\Spotify\spotify.exe" [2012-06-28 7609560]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29 136176]
    R2 wordpressMySQL;wordpressMySQL;c:\program files\BitNami WordPress Stack\mysql\bin\mysqld.exe [2011-02-12 6107136]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29 136176]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-01-08 17152]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    R3 rt61x64;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x64.sys [2010-04-07 446304]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-07 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2011-11-02 341280]
    S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-11-02 68896]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    S2 wordpressApache;wordpressApache;c:\progra~1\BITNAM~1\apache2\bin\httpd.exe [2011-05-20 20549]
    S3 ALSysIO;ALSysIO;c:\users\Owner\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys [2011-03-29 1254464]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    Akamai REG_MULTI_SZ Akamai
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
    2010-11-21 03:24 302592 ----a-w- c:\windows\System32\cmd.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 03:03]
    .
    2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29 21:03]
    .
    2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29 21:03]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wbhqclo9.default\
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-368456794-1414431617-1097662150-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-06-30 17:48:32
    ComboFix-quarantined-files.txt 2012-07-01 00:48
    ComboFix2.txt 2012-06-30 07:21
    ComboFix3.txt 2011-05-05 03:01
    ComboFix4.txt 2011-04-01 06:44
    ComboFix5.txt 2012-07-01 00:37
    .
    Pre-Run: 46,649,716,736 bytes free
    Post-Run: 46,377,558,016 bytes free
    .
    - - End Of File - - 6F894CF556BCBB7850F2B347C7DD3D84
     
  12. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan as shown below.

    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


    The log can also be found here:
    C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ----------

    Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats is NOT selected and the option Scan unwanted applications is selected.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
    ----------
     
  13. norgalis

    norgalis Thread Starter

    Joined:
    Jul 5, 2006
    Messages:
    113
    Here's the MALWB log. I ran the online scanner (which found 7 items), but found that it didn't seem to create a folder under program files. I'm running the scanner again, I hope it does this time.

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.07.01.07
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Owner :: OWNER-PC [administrator]
    Protection: Enabled
    7/1/2012 11:33:20 AM
    mbam-log-2012-07-01 (11-33-20).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 256298
    Time elapsed: 3 minute(s), 6 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Users\Owner\Downloads\coretemp_1236.exe (PUP.BundleInstaller.IQ) -> Quarantined and deleted successfully.
    (end)
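The MBAM 1.x log above has a fixed shape: a header block of "Key: value" lines, then one "<section> Detected: N" line per scan area followed either by "(No malicious items detected)" or by one "<item> (<detection name>) -> <action>." line per hit. The following parser is an added example for this page, not code from the thread or from Malwarebytes. It checks that each section's stated count matches the items actually listed under it and groups hits by detection family (the "PUP." prefix here), which is the first thing a responder wants to know before deciding whether a log shows active malware or just a bundled installer in Downloads. The embedded sample is constructed from the posted log; the regular expressions are assumptions fitted to the line formats shown on this page only.

```python
"""Parse a Malwarebytes Anti-Malware 1.x text log (added example, not MBAM code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: copied from the log posted in this thread.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.01.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Owner :: OWNER-PC [administrator]
Protection: Enabled
7/1/2012 11:33:20 AM
mbam-log-2012-07-01 (11-33-20).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256298
Time elapsed: 3 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Owner\Downloads\coretemp_1236.exe (PUP.BundleInstaller.IQ) -> Quarantined and deleted successfully.
(end)
"""

# Assumed line formats, fitted to the lines shown in the posted log.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
SKIP_LINES = {"(No malicious items detected)", "(end)"}


@dataclass
class Detection:
    section: str   # scan area, e.g. "Files" or "Registry Keys"
    item: str      # path or registry location
    name: str      # vendor detection name, e.g. "PUP.BundleInstaller.IQ"
    action: str    # what MBAM did, e.g. "Quarantined and deleted successfully"


@dataclass
class ScanReport:
    header: dict = field(default_factory=dict)
    counts: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

    def consistent(self) -> bool:
        """True when every section's stated count equals the items listed under it."""
        listed = {}
        for d in self.detections:
            listed[d.section] = listed.get(d.section, 0) + 1
        return all(listed.get(sec, 0) == n for sec, n in self.counts.items())

    def categories(self) -> dict:
        """Count hits by detection family: the prefix before the first dot."""
        out = {}
        for d in self.detections:
            fam = d.name.split(".", 1)[0]
            out[fam] = out.get(fam, 0) + 1
        return out

    def quarantined(self) -> list:
        return [d for d in self.detections if d.action.startswith("Quarantined")]


def parse_mbam_log(text: str) -> ScanReport:
    report = ScanReport()
    section = None  # None while still inside the header block
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in SKIP_LINES:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            report.counts[section] = int(m.group("count"))
            continue
        if section is not None:
            m = ITEM_RE.match(line)
            if m:
                report.detections.append(
                    Detection(section, m.group("item"), m.group("name"), m.group("action")))
            continue
        # Header block: "User :: Computer [role]" or "Key: value"
        if " :: " in line:
            user, _, computer = line.partition(" :: ")
            report.header["User"] = user
            report.header["Computer"] = computer
        elif ": " in line:
            key, _, value = line.partition(": ")
            report.header[key] = value
    return report


if __name__ == "__main__":
    r = parse_mbam_log(SAMPLE_LOG)
    print("consistent:", r.consistent(), "| families:", r.categories())
    for d in r.detections:
        print(f"{d.section}: {d.item} [{d.name}] -> {d.action}")
```

A count that does not match the listed items usually means the log was truncated when pasted, which is worth checking before reading anything into a "clean" summary.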
     
  14. norgalis

    norgalis Thread Starter

    Joined:
    Jul 5, 2006
    Messages:
    113
    It's currently scanning, but I found this - is this it?

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
    esets_scanner_update returned -1 esets_gle=53251
     
  15. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    There should be a log created when it is complete if there is an infection found.
     

Short URL to this thread: https://techguy.org/1058149