
Internet Explorer Opens by itself.


  • This topic is locked
18 replies to this topic

#1 Paradoxx


Posted 04 February 2012 - 11:23 PM

Hello technicians at Bleeping Computer. I have a problem I have been trying to fix, but to no avail! At random, Internet Explorer will magically pop open without any doing on my part. It does not display any malicious sites, just the MSN homepage. It does not do it constantly but, when it does occur, it will open like 3 or 4 of them. Also, I do not use Internet Explorer. I use Firefox and Chrome. I have tried numerous adware and spyware scans but nothing has come up! I'd appreciate it if you folks could help me vanquish this menace! :)







.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Mw3 at 19:58:27 on 2012-02-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3559.1958 [GMT -8:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{94812007-AAFD-416A-BFD1-C831F87DC885} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{94812007-AAFD-416A-BFD1-C831F87DC885}\162736F57657563747 : DhcpNameServer = 165.196.111.200 165.196.14.200
TCP: Interfaces\{94812007-AAFD-416A-BFD1-C831F87DC885}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{94812007-AAFD-416A-BFD1-C831F87DC885}\E656564757 : DhcpNameServer = 10.0.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mw3\AppData\Roaming\Mozilla\Firefox\Profiles\nelydiei.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2012-1-23 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120203.002\IDSviA64.sys [2012-2-3 488568]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-31 652360]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2011-10-19 130008]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-29 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-4-7 294328]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-3 138360]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-15 136176]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-15 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 tepsrv;Tracks Eraser Service;C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\tepsrv.exe [2012-2-4 32768]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-7-15 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-4-5 828336]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-04 23:19:33 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-02-04 08:26:01 277504 ----a-w- C:\windows\SysWow64\oestore.dll
2012-02-04 08:26:01 224016 ----a-w- C:\windows\SysWow64\TabCtl32.ocx
2012-02-04 08:26:01 132880 ----a-w- C:\windows\SysWow64\msinet.ocx
2012-02-04 08:26:01 -------- d-----w- C:\Program Files (x86)\Acesoft
2012-02-04 05:16:14 -------- d-----w- C:\Users\Mw3\AppData\Roaming\TweakNow RegCleaner 2011
2012-02-04 05:16:14 -------- d-----w- C:\Program Files (x86)\TweakNow RegCleaner 2011
2012-02-04 03:10:55 -------- d-----w- C:\Users\Mw3\AppData\Local\{FC4B2B48-C179-4A7D-B6BB-CC8B152593F3}
2012-02-04 03:10:36 -------- d-----w- C:\Users\Mw3\AppData\Local\{E874D937-360C-44A2-977C-1C4E086FCF19}
2012-02-04 03:10:24 -------- d-----w- C:\Users\Mw3\AppData\Local\{DBE76318-08E4-49CA-AF68-589A9AC2412E}
2012-02-03 14:33:07 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2EB6642F-7A3C-4560-A482-05C420CF7F81}\mpengine.dll
2012-02-03 14:28:53 -------- d-----w- C:\Users\Mw3\AppData\Local\{8FAF0AC8-EA13-4BDF-BB32-45230270E296}
2012-02-03 14:28:42 -------- d-----w- C:\Users\Mw3\AppData\Local\{BCE2DFA5-86C0-4D4A-9CE4-809F3C003AC7}
2012-02-03 14:28:32 -------- d-----w- C:\Users\Mw3\AppData\Local\{8A6539AE-E356-4890-BCB3-7E7FD46FAF0F}
2012-02-03 14:27:41 -------- d-----w- C:\Users\Mw3\AppData\Local\{B237B5EA-8E4B-4324-939B-D6B0C15FFC01}
2012-02-03 13:24:37 -------- d-----w- C:\Users\Mw3\AppData\Local\ElevatedDiagnostics
2012-02-02 18:46:29 -------- d-----w- C:\Users\Mw3\AppData\Local\{C2ECBCAB-BE64-4770-95A0-869D29EE1194}
2012-02-02 05:01:50 -------- d-----w- C:\Users\Mw3\AppData\Local\{0B04F2D6-389D-43E7-80B6-7E69C38382C6}
2012-02-02 05:01:38 -------- d-----w- C:\Users\Mw3\AppData\Local\{724547FA-89A2-4DD5-B25C-450A84F6B63D}
2012-02-01 06:52:00 -------- d-----w- C:\Users\Mw3\AppData\Local\{F45F88FD-C182-46DA-BF98-CDBE0CBBE0CF}
2012-02-01 06:51:48 -------- d-----w- C:\Users\Mw3\AppData\Local\{AA64D666-00E1-4060-981D-E457A77A5C8C}
2012-01-31 18:51:20 -------- d-----w- C:\Users\Mw3\AppData\Local\{9B915726-CBD9-43CB-94F0-6D381868F3FF}
2012-01-31 04:53:43 -------- d-----w- C:\Users\Mw3\AppData\Local\{246B9AD5-9608-4F6B-B306-B0687F5B4BBF}
2012-01-31 04:53:34 -------- d-----w- C:\Users\Mw3\AppData\Local\{ACA353E6-4D46-4F05-8D6F-825EFB96EB01}
2012-01-30 16:52:50 -------- d-----w- C:\Users\Mw3\AppData\Local\{7BE63617-3F86-4BF1-9BE0-139AA612CA7E}
2012-01-30 16:52:40 -------- d-----w- C:\Users\Mw3\AppData\Local\{0BF235CB-F9CB-4421-B60A-361C6930337B}
2012-01-30 16:52:30 -------- d-----w- C:\Users\Mw3\AppData\Local\{D2BE59DC-40E4-46FD-8681-C0353739E1A6}
2012-01-30 16:52:18 -------- d-----w- C:\Users\Mw3\AppData\Local\{F6C04A13-F4EA-4DCD-894E-F1E9C4D618C8}
2012-01-30 04:34:03 -------- d-----w- C:\Users\Mw3\AppData\Local\{01047F9F-04B1-4467-AD9D-5CB06B7D1ED8}
2012-01-30 04:33:53 -------- d-----w- C:\Users\Mw3\AppData\Local\{6D5BA23A-A359-403B-AF72-5412B30A24B2}
2012-01-29 16:01:49 -------- d-----w- C:\Users\Mw3\AppData\Local\{03688BE1-99E6-4C7A-9BE9-28FDE4CA9987}
2012-01-29 04:00:54 -------- d-----w- C:\Users\Mw3\AppData\Local\{E2E36FD7-336E-4544-BEDA-D36DBC413376}
2012-01-29 04:00:44 -------- d-----w- C:\Users\Mw3\AppData\Local\{B9956125-38C5-44EB-A100-8F7CFC4F6FF2}
2012-01-29 04:00:34 -------- d-----w- C:\Users\Mw3\AppData\Local\{A543EE7D-0E43-4713-9715-4223AF8F8B94}
2012-01-29 04:00:12 -------- d-----w- C:\Users\Mw3\AppData\Local\{810B749A-D138-4DCD-9C16-FF6BD1B99382}
2012-01-28 15:59:47 -------- d-----w- C:\Users\Mw3\AppData\Local\{0829C0AA-43EA-4F69-81CC-502546480F4B}
2012-01-27 14:44:19 -------- d-----w- C:\Users\Mw3\AppData\Local\{FB3B95D4-B4DB-4C3D-A39B-C2668C80B9BF}
2012-01-27 02:43:40 -------- d-----w- C:\Users\Mw3\AppData\Local\{52F882BE-E849-41A7-BF03-7C6025957520}
2012-01-26 13:45:09 -------- d-----w- C:\Users\Mw3\AppData\Local\{97907E2B-945D-4908-9456-19D7424673B0}
2012-01-26 13:44:59 -------- d-----w- C:\Users\Mw3\AppData\Local\{9A43D231-3569-40AE-940D-387240674F9C}
2012-01-26 01:03:25 -------- d-----w- C:\Users\Mw3\AppData\Local\{B9964C7E-74D6-44B0-ADD7-314BE55C0FD4}
2012-01-26 01:03:15 -------- d-----w- C:\Users\Mw3\AppData\Local\{A017EE5B-E406-40E0-A686-D15ABD066B7F}
2012-01-26 01:03:04 -------- d-----w- C:\Users\Mw3\AppData\Local\{A24315C3-B6F8-4C15-95EC-321BDB0280CF}
2012-01-26 01:01:48 -------- d-----w- C:\Users\Mw3\AppData\Local\{58823A05-4E3E-4689-A852-62DED3FBB424}
2012-01-25 07:01:39 -------- d-----w- C:\Users\Mw3\AppData\Local\{6B55EC1E-4A8C-47B5-BE38-6CC21806C784}
2012-01-24 06:38:06 -------- d-----w- C:\Users\Mw3\AppData\Local\{568BB35F-8B4A-49A2-AD52-B915C48F87AA}
2012-01-23 18:37:27 -------- d-----w- C:\Users\Mw3\AppData\Local\{D5970F79-3D86-4E8D-B8B6-A1605082F10E}
2012-01-23 06:36:45 -------- d-----w- C:\Users\Mw3\AppData\Local\{8BBB434D-DCA7-4EBC-9EDA-40E0E51A2771}
2012-01-22 06:35:21 -------- d-----w- C:\Users\Mw3\AppData\Local\{496D71C4-9D89-4DE6-B267-AA512BDEF560}
2012-01-21 18:34:37 -------- d-----w- C:\Users\Mw3\AppData\Local\{28FE5FD2-31D6-4F35-A3FA-592A58CB1FDC}
2012-01-21 12:30:59 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-21 12:30:59 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-21 12:30:58 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-21 12:30:58 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-21 06:33:55 -------- d-----w- C:\Users\Mw3\AppData\Local\{581ADCBB-6C27-4ED2-A228-8BFF0A50F898}
2012-01-20 18:33:10 -------- d-----w- C:\Users\Mw3\AppData\Local\{FD34F25E-4F9F-4FAA-BFF4-F79527937CB4}
2012-01-20 06:32:28 -------- d-----w- C:\Users\Mw3\AppData\Local\{8D3B8EB8-9382-4B0A-B75A-06C63E7CD92C}
2012-01-19 03:42:32 -------- d-----w- C:\Users\Mw3\AppData\Local\{F87A8782-729A-421F-AA24-CFEFC16F6B7A}
2012-01-18 15:42:06 -------- d-----w- C:\Users\Mw3\AppData\Local\{3267FA3C-367F-41D3-82D8-1F5571D07EF5}
2012-01-16 23:50:28 -------- d-----w- C:\Users\Mw3\AppData\Local\{BE2574C4-E34C-4705-A311-95849A951776}
2012-01-16 10:30:09 -------- d-----w- C:\Users\Mw3\AppData\Local\{DB6F97B9-BE48-4DE9-9BA6-200B17F83F83}
2012-01-15 22:29:30 -------- d-----w- C:\Users\Mw3\AppData\Local\{D652EF03-8493-469E-86D8-3ADA48EBD14E}
2012-01-15 09:54:08 -------- d-----w- C:\Users\Mw3\AppData\Local\{96C8E915-BAB0-4888-A290-73DC270E7698}
2012-01-14 21:53:24 -------- d-----w- C:\Users\Mw3\AppData\Local\{DF38D73D-E86D-4B6D-A569-36E9544BCEAF}
2012-01-14 21:53:15 -------- d-----w- C:\Users\Mw3\AppData\Local\{859C9998-F22F-48B1-A67A-B62E1C703A6D}
2012-01-14 08:00:09 -------- d-----w- C:\Users\Mw3\AppData\Local\{B3E48932-EE25-4453-8C20-2D1B5AD90F69}
2012-01-13 19:59:12 -------- d-----w- C:\Users\Mw3\AppData\Local\{ACFFB601-C6CC-48A8-B940-24504AD12109}
2012-01-13 19:59:02 -------- d-----w- C:\Users\Mw3\AppData\Local\{0351997A-5C8C-4DC6-BD86-5281B2DD7307}
2012-01-13 19:58:52 -------- d-----w- C:\Users\Mw3\AppData\Local\{DC7E0592-E02D-4483-84D6-EB82F3C6674A}
2012-01-13 19:58:29 -------- d-----w- C:\Users\Mw3\AppData\Local\{C480FDA9-A0F9-4D50-BCA3-EA3C7A69BEDE}
2012-01-13 07:57:58 -------- d-----w- C:\Users\Mw3\AppData\Local\{362D53C9-A526-40C9-9214-4CD8655A0FD6}
2012-01-12 19:57:18 -------- d-----w- C:\Users\Mw3\AppData\Local\{D30B765B-BA7F-458F-932F-4F4F5AB8B3A3}
2012-01-12 05:46:58 -------- d-----w- C:\Users\Mw3\AppData\Local\{FB8B4095-1AA0-4DC0-8327-9FF4BA488819}
2012-01-11 05:45:41 -------- d-----w- C:\Users\Mw3\AppData\Local\{A39257A1-1824-4F24-B02F-A3FD846255FF}
2012-01-10 17:45:01 -------- d-----w- C:\Users\Mw3\AppData\Local\{A8829882-2D7C-4B56-8CAF-D0FBF7D2AAFD}
2012-01-10 17:43:51 -------- d-----w- C:\Users\Mw3\AppData\Local\{720AEDA8-4F13-4516-8B0F-6BFE32A5E1ED}
2012-01-10 12:41:58 388096 ----a-r- C:\Users\Mw3\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-10 10:58:36 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-01-10 01:39:02 -------- d-----w- C:\Users\Mw3\AppData\Local\{A81A82E4-F584-47A0-B5DB-5358FB30CBF3}
2012-01-10 01:38:52 -------- d-----w- C:\Users\Mw3\AppData\Local\{A5E86CDF-0FEA-40BE-92F7-FF61745B79FB}
2012-01-09 10:51:10 -------- d-----w- C:\Users\Mw3\AppData\Local\{EC27CABB-3DE9-486A-8D72-1C7E22548BF4}
2012-01-09 10:51:00 -------- d-----w- C:\Users\Mw3\AppData\Local\{8C171674-828F-4436-B6D8-FE0C732F03B1}
2012-01-08 22:50:16 -------- d-----w- C:\Users\Mw3\AppData\Local\{A4C16AED-2E4B-4250-8F28-127CF1400686}
2012-01-08 22:50:05 -------- d-----w- C:\Users\Mw3\AppData\Local\{07BCCFDF-65BE-496D-8FF0-B5F91113E19B}
2012-01-08 22:49:55 -------- d-----w- C:\Users\Mw3\AppData\Local\{305F9B89-9CA9-428C-AE4B-6EF742F42CB2}
2012-01-08 22:49:42 -------- d-----w- C:\Users\Mw3\AppData\Local\{57EF28EF-8206-4CF1-937D-BCF0DEF736BE}
2012-01-08 10:04:27 -------- d-----w- C:\Users\Mw3\AppData\Local\{C174943F-D18F-4DDD-B3E1-2EA537190B68}
2012-01-08 07:28:17 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-01-08 07:26:09 230952 ----a-w- C:\windows\System32\drivers\PCTSD64.sys
2012-01-08 07:26:09 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-01-08 07:25:50 -------- d-----w- C:\ProgramData\PC Tools
2012-01-08 07:25:49 -------- d-----w- C:\Users\Mw3\AppData\Roaming\TestApp
2012-01-08 06:52:47 118784 ----a-w- C:\windows\SysWow64\MSSTDFMT.DLL
2012-01-08 06:52:47 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2012-01-07 22:03:59 -------- d-----w- C:\Users\Mw3\AppData\Local\{F6D329A4-A8CF-4203-86B2-15AD73C61A7A}
2012-01-07 08:24:02 -------- d-----w- C:\Users\Mw3\AppData\Local\{FD3618F4-1C4F-41F9-A4E3-113B4CF48228}
2012-01-07 08:23:52 -------- d-----w- C:\Users\Mw3\AppData\Local\{BCBDD0CE-93B2-4B82-9247-E1AA83B665E1}
2012-01-06 17:15:23 -------- d-----w- C:\Users\Mw3\AppData\Local\{B5B9E9F2-AFBF-4477-96FF-15D69F66A5ED}
2012-01-06 17:15:13 -------- d-----w- C:\Users\Mw3\AppData\Local\{5FF66AAC-54C3-4336-A500-066139400530}
2012-01-06 04:17:24 -------- d-----w- C:\Users\Mw3\AppData\Local\{7276A325-2854-4AB1-9569-5A751ADA77BC}
2012-01-06 04:17:14 -------- d-----w- C:\Users\Mw3\AppData\Local\{A9805B81-AAEB-4019-9734-3C39245A3C81}
.
==================== Find3M ====================
.
2012-01-27 08:52:58 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-01-10 10:34:38 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 23:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\windows\System32\win32k.sys
2011-11-19 14:58:00 77312 ----a-w- C:\windows\System32\packager.dll
2011-11-19 14:01:00 67072 ----a-w- C:\windows\SysWow64\packager.dll
2011-11-17 06:49:14 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\windows\System32\drivers\cng.sys
2011-11-17 06:41:18 1731920 ----a-w- C:\windows\System32\ntdll.dll
2011-11-17 06:35:28 395776 ----a-w- C:\windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\windows\System32\lsass.exe
2011-11-17 05:38:39 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll
2011-11-17 05:35:02 314880 ----a-w- C:\windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2011-11-10 13:54:13 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
.
============= FINISH: 19:59:24.34 ===============



Edited by Paradoxx, 05 February 2012 - 12:16 AM.




#2 gringo_pr

  • Malware Response Team

Posted 05 February 2012 - 01:05 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Paradoxx

  • Topic Starter

Posted 05 February 2012 - 02:45 AM

Sorry for the delay. Did not expect such a steadfast response with the heavy traffic and all. Ok, so I ran Combofix successfully (no problems occurred). As of now, I am having no troubles, but Internet Explorer would open pretty sporadically so I'm not sure of the final results. If need be, you can close the thread and I could repost if the problem does occur again.


Edit: Ok it did it Again!!!! Thought Combofix would Work. This bugger is a persistent one.

HERE IS THE LOG.


ComboFix 12-02-05.01 - Mw3 02/04/2012 23:13:20.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3559.2353 [GMT -8:00]
Running from: c:\users\Mw3\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-05 to 2012-02-05 )))))))))))))))))))))))))))))))
.
.
2012-02-05 07:19 . 2012-02-05 07:19 -------- d-----w- c:\users\Mcx1-MW3-PC\AppData\Local\temp
2012-02-05 07:19 . 2012-02-05 07:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-05 07:00 . 2012-02-05 07:21 -------- d-----w- C:\32788R22FWJFW
2012-02-05 04:58 . 2012-02-05 04:58 -------- d-----w- c:\users\Mw3\AppData\Local\Toshiba Corporation
2012-02-05 04:13 . 2012-02-05 04:13 -------- d-----w- c:\users\Mw3\AppData\Local\Adobe
2012-02-04 23:19 . 2012-02-04 23:19 -------- d-----w- c:\programdata\Kaspersky Lab
2012-02-04 09:44 . 2012-02-04 09:44 -------- d-----w- c:\users\CaLB
2012-02-04 05:16 . 2012-02-04 07:50 -------- d-----w- c:\program files (x86)\TweakNow RegCleaner 2011
2012-02-04 05:16 . 2012-02-04 05:16 -------- d-----w- c:\users\Mw3\AppData\Roaming\TweakNow RegCleaner 2011
2012-02-03 14:33 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2EB6642F-7A3C-4560-A482-05C420CF7F81}\mpengine.dll
2012-02-03 13:24 . 2012-02-03 13:24 -------- d-----w- c:\users\Mw3\AppData\Local\ElevatedDiagnostics
2012-01-21 12:30 . 2012-01-21 12:30 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-21 12:30 . 2012-01-21 12:30 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-21 12:30 . 2012-01-21 12:30 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-21 12:30 . 2012-01-21 12:30 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-10 19:57 . 2012-01-10 19:57 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-01-10 12:41 . 2012-01-10 12:41 388096 ----a-r- c:\users\Mw3\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-08 07:28 . 2012-02-04 22:53 -------- d-----w- c:\program files (x86)\PC Tools
2012-01-08 07:26 . 2012-02-04 22:53 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-01-08 07:26 . 2012-01-12 00:19 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-01-08 07:25 . 2012-02-04 22:52 -------- d-----w- c:\programdata\PC Tools
2012-01-08 07:25 . 2012-01-08 07:25 -------- d-----w- c:\users\Mw3\AppData\Roaming\TestApp
2012-01-08 06:52 . 2012-02-03 18:17 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-01-08 06:52 . 2010-01-11 03:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 08:52 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-10 10:34 . 2011-09-27 01:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-18 23:45 . 2011-09-22 06:42 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-10 23:24 . 2011-10-15 16:38 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 02:22 . 2011-10-30 19:56 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-24 04:52 . 2011-12-14 03:00 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 13:54 . 2011-04-29 05:09 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-09 03:06 . 2011-09-22 06:42 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-11-09 03:05 . 2011-09-22 06:42 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-11-09 03:05 . 2011-09-22 06:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-04-06 828336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120203.002\IDSvia64.sys [2011-12-15 488568]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 17:50]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 17:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Mw3\AppData\Roaming\Mozilla\Firefox\Profiles\nelydiei.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-02-04 23:26:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-05 07:26
.
Pre-Run: 268,607,598,592 bytes free
Post-Run: 268,451,946,496 bytes free
.
- - End Of File - - E75EBC1B71D9F1ECB93A45BE7ADE4D8F

Edited by Paradoxx, 05 February 2012 - 03:15 AM.


#4 gringo_pr

  • Malware Response Team

Posted 05 February 2012 - 03:17 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#5 Paradoxx

  • Topic Starter

Posted 05 February 2012 - 03:36 AM

Thank you for the response. I did the scan but no malicious or suspected items were detected. This is confusing, my good man!!!


HERE IS THE LOG



00:22:36.0598 3300 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
00:22:38.0610 3300 ============================================================
00:22:38.0610 3300 Current date / time: 2012/02/05 00:22:38.0610
00:22:38.0610 3300 SystemInfo:
00:22:38.0610 3300
00:22:38.0610 3300 OS Version: 6.1.7601 ServicePack: 1.0
00:22:38.0610 3300 Product type: Workstation
00:22:38.0610 3300 ComputerName: MW3-PC
00:22:38.0610 3300 UserName: Mw3
00:22:38.0610 3300 Windows directory: C:\windows
00:22:38.0610 3300 System windows directory: C:\windows
00:22:38.0610 3300 Running under WOW64
00:22:38.0610 3300 Processor architecture: Intel x64
00:22:38.0610 3300 Number of processors: 4
00:22:38.0610 3300 Page size: 0x1000
00:22:38.0610 3300 Boot type: Normal boot
00:22:38.0610 3300 ============================================================
00:22:40.0607 3300 Initialize success
00:24:19.0034 3064 ============================================================
00:24:19.0034 3064 Scan started
00:24:19.0034 3064 Mode: Manual;
00:24:19.0034 3064 ============================================================
00:24:33.0090 3064 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
00:24:33.0105 3064 Msfs - ok
00:24:33.0136 3064 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
00:24:33.0136 3064 mshidkmdf - ok
00:24:33.0230 3064 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
00:24:33.0246 3064 msisadrv - ok
00:24:33.0277 3064 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
00:24:33.0277 3064 MSKSSRV - ok
00:24:33.0355 3064 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
00:24:33.0370 3064 MSPCLOCK - ok
00:24:33.0386 3064 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
00:24:33.0386 3064 MSPQM - ok
00:24:33.0480 3064 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
00:24:33.0480 3064 MsRPC - ok
00:24:33.0511 3064 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
00:24:33.0511 3064 mssmbios - ok
00:24:33.0604 3064 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
00:24:33.0604 3064 MSTEE - ok
00:24:33.0636 3064 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
00:24:33.0636 3064 MTConfig - ok
00:24:33.0729 3064 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
00:24:33.0729 3064 Mup - ok
00:24:33.0776 3064 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
00:24:33.0792 3064 NativeWifiP - ok
00:24:33.0963 3064 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120203.036\ENG64.SYS
00:24:33.0963 3064 NAVENG - ok
00:24:34.0150 3064 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120203.036\EX64.SYS
00:24:34.0197 3064 NAVEX15 - ok
00:24:34.0306 3064 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
00:24:34.0322 3064 NDIS - ok
00:24:34.0416 3064 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
00:24:34.0431 3064 NdisCap - ok
00:24:34.0447 3064 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
00:24:34.0462 3064 NdisTapi - ok
00:24:34.0540 3064 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
00:24:34.0540 3064 Ndisuio - ok
00:24:34.0572 3064 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
00:24:34.0572 3064 NdisWan - ok
00:24:34.0665 3064 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
00:24:34.0665 3064 NDProxy - ok
00:24:34.0774 3064 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
00:24:34.0774 3064 NetBIOS - ok
00:24:34.0837 3064 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
00:24:34.0852 3064 NetBT - ok
00:24:34.0915 3064 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
00:24:34.0930 3064 nfrd960 - ok
00:24:34.0993 3064 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
00:24:34.0993 3064 Npfs - ok
00:24:35.0055 3064 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
00:24:35.0055 3064 nsiproxy - ok
00:24:35.0196 3064 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
00:24:35.0211 3064 Ntfs - ok
00:24:35.0305 3064 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
00:24:35.0305 3064 Null - ok
00:24:35.0336 3064 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
00:24:35.0352 3064 nvraid - ok
00:24:35.0461 3064 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
00:24:35.0461 3064 nvstor - ok
00:24:35.0554 3064 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
00:24:35.0570 3064 nv_agp - ok
00:24:35.0632 3064 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
00:24:35.0632 3064 ohci1394 - ok
00:24:35.0726 3064 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
00:24:35.0726 3064 Parport - ok
00:24:35.0788 3064 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
00:24:35.0788 3064 partmgr - ok
00:24:35.0851 3064 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
00:24:35.0851 3064 pci - ok
00:24:35.0944 3064 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
00:24:35.0944 3064 pciide - ok
00:24:35.0976 3064 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
00:24:35.0991 3064 pcmcia - ok
00:24:36.0085 3064 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
00:24:36.0085 3064 pcw - ok
00:24:36.0132 3064 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
00:24:36.0147 3064 PEAUTH - ok
00:24:36.0272 3064 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
00:24:36.0272 3064 PGEffect - ok
00:24:36.0397 3064 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
00:24:36.0397 3064 PptpMiniport - ok
00:24:36.0428 3064 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
00:24:36.0428 3064 Processor - ok
00:24:36.0537 3064 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
00:24:36.0537 3064 Psched - ok
00:24:36.0646 3064 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
00:24:36.0646 3064 QIOMem - ok
00:24:36.0771 3064 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
00:24:36.0802 3064 ql2300 - ok
00:24:36.0896 3064 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
00:24:36.0912 3064 ql40xx - ok
00:24:36.0943 3064 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
00:24:36.0943 3064 QWAVEdrv - ok
00:24:37.0036 3064 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
00:24:37.0036 3064 RasAcd - ok
00:24:37.0099 3064 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
00:24:37.0099 3064 RasAgileVpn - ok
00:24:37.0192 3064 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
00:24:37.0208 3064 Rasl2tp - ok
00:24:37.0255 3064 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
00:24:37.0270 3064 RasPppoe - ok
00:24:37.0364 3064 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
00:24:37.0364 3064 RasSstp - ok
00:24:37.0395 3064 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
00:24:37.0395 3064 rdbss - ok
00:24:37.0489 3064 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
00:24:37.0489 3064 rdpbus - ok
00:24:37.0504 3064 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
00:24:37.0504 3064 RDPCDD - ok
00:24:37.0598 3064 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
00:24:37.0598 3064 RDPENCDD - ok
00:24:37.0629 3064 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
00:24:37.0629 3064 RDPREFMP - ok
00:24:37.0660 3064 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
00:24:37.0660 3064 RDPWD - ok
00:24:37.0770 3064 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
00:24:37.0770 3064 rdyboost - ok
00:24:37.0926 3064 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
00:24:37.0926 3064 rspndr - ok
00:24:37.0988 3064 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys
00:24:38.0004 3064 RSUSBSTOR - ok
00:24:38.0097 3064 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RTSUVSTOR.sys
00:24:38.0097 3064 RSUSBVSTOR - ok
00:24:38.0238 3064 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
00:24:38.0253 3064 RTL8192Ce - ok
00:24:38.0394 3064 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
00:24:38.0394 3064 SASDIFSV - ok
00:24:38.0409 3064 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
00:24:38.0409 3064 SASKUTIL - ok
00:24:38.0503 3064 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
00:24:38.0503 3064 sbp2port - ok
00:24:38.0534 3064 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
00:24:38.0534 3064 scfilter - ok
00:24:38.0674 3064 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
00:24:38.0674 3064 secdrv - ok
00:24:38.0721 3064 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
00:24:38.0721 3064 Serenum - ok
00:24:38.0815 3064 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
00:24:38.0815 3064 Serial - ok
00:24:38.0846 3064 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
00:24:38.0846 3064 sermouse - ok
00:24:38.0955 3064 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
00:24:38.0955 3064 sffdisk - ok
00:24:39.0064 3064 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
00:24:39.0064 3064 sffp_mmc - ok
00:24:39.0080 3064 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
00:24:39.0096 3064 sffp_sd - ok
00:24:39.0205 3064 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
00:24:39.0205 3064 sfloppy - ok
00:24:39.0330 3064 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\windows\system32\DRIVERS\Sftfslh.sys
00:24:39.0345 3064 Sftfs - ok
00:24:39.0454 3064 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\windows\system32\DRIVERS\Sftplaylh.sys
00:24:39.0454 3064 Sftplay - ok
00:24:39.0564 3064 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\windows\system32\DRIVERS\Sftredirlh.sys
00:24:39.0564 3064 Sftredir - ok
00:24:39.0595 3064 Sftvol (393b22addd89979eb1c60898f51c3648) C:\windows\system32\DRIVERS\Sftvollh.sys
00:24:39.0595 3064 Sftvol - ok
00:24:39.0751 3064 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
00:24:39.0751 3064 SiSRaid2 - ok
00:24:39.0766 3064 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
00:24:39.0766 3064 SiSRaid4 - ok
00:24:39.0876 3064 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
00:24:39.0876 3064 Smb - ok
00:24:40.0000 3064 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
00:24:40.0016 3064 spldr - ok
00:24:40.0110 3064 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\N360x64\0501000.01D\SRTSP64.SYS
00:24:40.0125 3064 SRTSP - ok
00:24:40.0250 3064 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS
00:24:40.0250 3064 SRTSPX - ok
00:24:40.0344 3064 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
00:24:40.0359 3064 srv - ok
00:24:40.0468 3064 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
00:24:40.0468 3064 srv2 - ok
00:24:40.0609 3064 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
00:24:40.0624 3064 SrvHsfHDA - ok
00:24:40.0780 3064 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
00:24:40.0812 3064 SrvHsfV92 - ok
00:24:40.0952 3064 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
00:24:40.0968 3064 SrvHsfWinac - ok
00:24:41.0077 3064 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
00:24:41.0077 3064 srvnet - ok
00:24:41.0217 3064 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
00:24:41.0217 3064 stexstor - ok
00:24:41.0248 3064 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
00:24:41.0248 3064 swenum - ok
00:24:41.0389 3064 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS
00:24:41.0404 3064 SymDS - ok
00:24:41.0545 3064 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS
00:24:41.0560 3064 SymEFA - ok
00:24:41.0670 3064 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
00:24:41.0670 3064 SymEvent - ok
00:24:41.0794 3064 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS
00:24:41.0794 3064 SymIRON - ok
00:24:41.0919 3064 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS
00:24:41.0935 3064 SymNetS - ok
00:24:42.0075 3064 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
00:24:42.0106 3064 SynTP - ok
00:24:42.0278 3064 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
00:24:42.0294 3064 Tcpip - ok
00:24:42.0465 3064 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
00:24:42.0481 3064 TCPIP6 - ok
00:24:42.0574 3064 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
00:24:42.0574 3064 tcpipreg - ok
00:24:42.0684 3064 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
00:24:42.0684 3064 tdcmdpst - ok
00:24:42.0730 3064 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
00:24:42.0730 3064 TDPIPE - ok
00:24:42.0777 3064 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
00:24:42.0777 3064 TDTCP - ok
00:24:42.0855 3064 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
00:24:42.0855 3064 tdx - ok
00:24:42.0902 3064 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
00:24:42.0918 3064 TermDD - ok
00:24:43.0027 3064 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
00:24:43.0027 3064 tssecsrv - ok
00:24:43.0074 3064 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
00:24:43.0074 3064 TsUsbFlt - ok
00:24:43.0136 3064 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
00:24:43.0136 3064 TsUsbGD - ok
00:24:43.0198 3064 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
00:24:43.0198 3064 tunnel - ok
00:24:43.0276 3064 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
00:24:43.0276 3064 TVALZ - ok
00:24:43.0339 3064 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
00:24:43.0339 3064 TVALZFL - ok
00:24:43.0432 3064 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
00:24:43.0432 3064 uagp35 - ok
00:24:43.0479 3064 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
00:24:43.0479 3064 udfs - ok
00:24:43.0588 3064 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
00:24:43.0588 3064 uliagpkx - ok
00:24:43.0651 3064 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
00:24:43.0651 3064 umbus - ok
00:24:43.0713 3064 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
00:24:43.0713 3064 UmPass - ok
00:24:43.0776 3064 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
00:24:43.0776 3064 usbccgp - ok
00:24:43.0838 3064 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
00:24:43.0854 3064 usbcir - ok
00:24:43.0963 3064 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
00:24:43.0963 3064 usbehci - ok
00:24:43.0994 3064 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
00:24:44.0010 3064 usbhub - ok
00:24:44.0103 3064 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
00:24:44.0103 3064 usbohci - ok
00:24:44.0134 3064 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
00:24:44.0134 3064 usbprint - ok
00:24:44.0228 3064 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
00:24:44.0244 3064 USBSTOR - ok
00:24:44.0353 3064 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
00:24:44.0368 3064 usbuhci - ok
00:24:44.0431 3064 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
00:24:44.0431 3064 usbvideo - ok
00:24:44.0524 3064 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
00:24:44.0524 3064 vdrvroot - ok
00:24:44.0603 3064 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
00:24:44.0603 3064 vga - ok
00:24:44.0665 3064 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
00:24:44.0665 3064 VgaSave - ok
00:24:44.0727 3064 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
00:24:44.0743 3064 vhdmp - ok
00:24:44.0774 3064 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
00:24:44.0790 3064 viaide - ok
00:24:44.0837 3064 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
00:24:44.0852 3064 volmgr - ok
00:24:44.0899 3064 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
00:24:44.0915 3064 volmgrx - ok
00:24:45.0008 3064 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
00:24:45.0008 3064 volsnap - ok
00:24:45.0102 3064 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
00:24:45.0117 3064 vsmraid - ok
00:24:45.0242 3064 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
00:24:45.0242 3064 vwifibus - ok
00:24:45.0273 3064 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
00:24:45.0273 3064 vwififlt - ok
00:24:45.0367 3064 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
00:24:45.0367 3064 vwifimp - ok
00:24:45.0492 3064 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
00:24:45.0492 3064 WacomPen - ok
00:24:45.0523 3064 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
00:24:45.0523 3064 WANARP - ok
00:24:45.0523 3064 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
00:24:45.0539 3064 Wanarpv6 - ok
00:24:45.0648 3064 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
00:24:45.0648 3064 Wd - ok
00:24:45.0695 3064 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
00:24:45.0710 3064 Wdf01000 - ok
00:24:45.0819 3064 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
00:24:45.0819 3064 WfpLwf - ok
00:24:45.0851 3064 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
00:24:45.0851 3064 WIMMount - ok
00:24:45.0991 3064 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
00:24:45.0991 3064 WmiAcpi - ok
00:24:46.0116 3064 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
00:24:46.0116 3064 ws2ifsl - ok
00:24:46.0256 3064 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
00:24:46.0256 3064 WudfPf - ok
00:24:46.0287 3064 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
00:24:46.0287 3064 WUDFRd - ok
00:24:46.0365 3064 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
00:24:46.0428 3064 \Device\Harddisk0\DR0 - ok
00:24:46.0443 3064 Boot (0x1200) (8b02e463871cb06540780c9e91da15de) \Device\Harddisk0\DR0\Partition0
00:24:46.0443 3064 \Device\Harddisk0\DR0\Partition0 - ok
00:24:46.0443 3064 ============================================================
00:24:46.0443 3064 Scan finished
00:24:46.0443 3064 ============================================================
00:24:46.0459 3460 Detected object count: 0
00:24:46.0459 3460 Actual detected object count: 0
00:25:57.0214 4616 ============================================================
00:25:57.0214 4616 Scan started
00:25:57.0214 4616 Mode: Manual;
00:25:57.0214 4616 ============================================================
00:26:06.0668 4616 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
00:26:06.0668 4616 hwpolicy - ok
00:26:06.0777 4616 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
00:26:06.0777 4616 i8042prt - ok
00:26:06.0886 4616 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
00:26:06.0902 4616 iaStorV - ok
00:26:07.0058 4616 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120203.002\IDSvia64.sys
00:26:07.0058 4616 IDSVia64 - ok
00:26:07.0401 4616 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
00:26:07.0401 4616 iirsp - ok
00:26:07.0463 4616 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
00:26:07.0463 4616 intelide - ok
00:26:07.0526 4616 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys
00:26:07.0526 4616 intelppm - ok
00:26:07.0635 4616 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
00:26:07.0635 4616 IpFilterDriver - ok
00:26:07.0729 4616 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
00:26:07.0729 4616 IPMIDRV - ok
00:26:07.0822 4616 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
00:26:07.0838 4616 IPNAT - ok
00:26:07.0916 4616 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
00:26:07.0916 4616 IRENUM - ok
00:26:07.0931 4616 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
00:26:07.0931 4616 isapnp - ok
00:26:08.0025 4616 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
00:26:08.0041 4616 iScsiPrt - ok
00:26:08.0072 4616 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
00:26:08.0072 4616 kbdclass - ok
00:26:08.0165 4616 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
00:26:08.0165 4616 kbdhid - ok
00:26:08.0212 4616 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
00:26:08.0212 4616 KSecDD - ok
00:26:08.0321 4616 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
00:26:08.0321 4616 KSecPkg - ok
00:26:08.0415 4616 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
00:26:08.0415 4616 ksthunk - ok
00:26:08.0462 4616 L1C (045fb70bc993b691517ce309045ff02d) C:\windows\system32\DRIVERS\L1C62x64.sys
00:26:08.0462 4616 L1C - ok
00:26:08.0587 4616 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
00:26:08.0587 4616 lltdio - ok
00:26:08.0696 4616 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
00:26:08.0696 4616 LSI_FC - ok
00:26:08.0727 4616 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
00:26:08.0727 4616 LSI_SAS - ok
00:26:08.0821 4616 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
00:26:08.0821 4616 LSI_SAS2 - ok
00:26:08.0836 4616 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
00:26:08.0852 4616 LSI_SCSI - ok
00:26:08.0945 4616 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
00:26:08.0945 4616 luafv - ok
00:26:09.0023 4616 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
00:26:09.0023 4616 MBAMProtector - ok
00:26:09.0086 4616 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
00:26:09.0086 4616 megasas - ok
00:26:09.0164 4616 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
00:26:09.0164 4616 MegaSR - ok
00:26:09.0226 4616 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
00:26:09.0226 4616 Modem - ok
00:26:09.0289 4616 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
00:26:09.0289 4616 monitor - ok
00:26:09.0335 4616 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
00:26:09.0335 4616 mouclass - ok
00:26:09.0398 4616 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
00:26:09.0398 4616 mouhid - ok
00:26:09.0445 4616 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
00:26:09.0460 4616 mountmgr - ok
00:26:09.0507 4616 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
00:26:09.0507 4616 mpio - ok
00:26:09.0569 4616 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
00:26:09.0569 4616 mpsdrv - ok
00:26:09.0632 4616 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
00:26:09.0632 4616 MRxDAV - ok
00:26:09.0710 4616 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
00:26:09.0710 4616 mrxsmb - ok
00:26:09.0819 4616 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
00:26:09.0819 4616 mrxsmb10 - ok
00:26:09.0928 4616 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
00:26:09.0928 4616 mrxsmb20 - ok
00:26:10.0022 4616 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
00:26:10.0022 4616 msahci - ok
00:26:10.0053 4616 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
00:26:10.0053 4616 msdsm - ok
00:26:10.0162 4616 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
00:26:10.0162 4616 Msfs - ok
00:26:10.0178 4616 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
00:26:10.0178 4616 mshidkmdf - ok
00:26:10.0271 4616 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
00:26:10.0271 4616 msisadrv - ok
00:26:10.0303 4616 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
00:26:10.0303 4616 MSKSSRV - ok
00:26:10.0396 4616 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
00:26:10.0396 4616 MSPCLOCK - ok
00:26:10.0459 4616 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
00:26:10.0459 4616 MSPQM - ok
00:26:10.0552 4616 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
00:26:10.0552 4616 MsRPC - ok
00:26:10.0615 4616 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
00:26:10.0615 4616 mssmbios - ok
00:26:10.0677 4616 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
00:26:10.0677 4616 MSTEE - ok
00:26:10.0724 4616 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
00:26:10.0724 4616 MTConfig - ok
00:26:10.0786 4616 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
00:26:10.0786 4616 Mup - ok
00:26:10.0849 4616 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
00:26:10.0864 4616 NativeWifiP - ok
00:26:11.0005 4616 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120203.036\ENG64.SYS
00:26:11.0005 4616 NAVENG - ok
00:26:11.0207 4616 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120203.036\EX64.SYS
00:26:11.0239 4616 NAVEX15 - ok
00:26:11.0348 4616 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
00:26:11.0363 4616 NDIS - ok
00:26:11.0457 4616 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
00:26:11.0473 4616 NdisCap - ok
00:26:11.0488 4616 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
00:26:11.0504 4616 NdisTapi - ok
00:26:11.0582 4616 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
00:26:11.0582 4616 Ndisuio - ok
00:26:11.0613 4616 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
00:26:11.0613 4616 NdisWan - ok
00:26:11.0707 4616 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
00:26:11.0707 4616 NDProxy - ok
00:26:11.0738 4616 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
00:26:11.0738 4616 NetBIOS - ok
00:26:11.0847 4616 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
00:26:11.0847 4616 NetBT - ok
00:26:11.0956 4616 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
00:26:11.0956 4616 nfrd960 - ok
00:26:11.0987 4616 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
00:26:11.0987 4616 Npfs - ok
00:26:12.0081 4616 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
00:26:12.0081 4616 nsiproxy - ok
00:26:12.0175 4616 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
00:26:12.0190 4616 Ntfs - ok
00:26:12.0284 4616 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
00:26:12.0284 4616 Null - ok
00:26:12.0315 4616 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
00:26:12.0315 4616 nvraid - ok
00:26:12.0424 4616 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
00:26:12.0424 4616 nvstor - ok
00:26:12.0518 4616 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
00:26:12.0533 4616 nv_agp - ok
00:26:12.0549 4616 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
00:26:12.0549 4616 ohci1394 - ok
00:26:12.0674 4616 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
00:26:12.0674 4616 Parport - ok
00:26:12.0689 4616 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
00:26:12.0689 4616 partmgr - ok
00:26:12.0783 4616 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
00:26:12.0783 4616 pci - ok
00:26:12.0814 4616 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
00:26:12.0814 4616 pciide - ok
00:26:12.0892 4616 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
00:26:12.0908 4616 pcmcia - ok
00:26:12.0923 4616 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
00:26:12.0923 4616 pcw - ok
00:26:13.0033 4616 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
00:26:13.0033 4616 PEAUTH - ok
00:26:13.0157 4616 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
00:26:13.0173 4616 PGEffect - ok
00:26:13.0235 4616 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
00:26:13.0235 4616 PptpMiniport - ok
00:26:13.0329 4616 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
00:26:13.0329 4616 Processor - ok
00:26:13.0360 4616 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
00:26:13.0360 4616 Psched - ok
00:26:13.0454 4616 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
00:26:13.0469 4616 QIOMem - ok
00:26:13.0594 4616 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
00:26:13.0610 4616 ql2300 - ok
00:26:13.0719 4616 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
00:26:13.0719 4616 ql40xx - ok
00:26:13.0797 4616 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
00:26:13.0813 4616 QWAVEdrv - ok
00:26:13.0828 4616 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
00:26:13.0828 4616 RasAcd - ok
00:26:13.0937 4616 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
00:26:13.0937 4616 RasAgileVpn - ok
00:26:14.0047 4616 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
00:26:14.0047 4616 Rasl2tp - ok
00:26:14.0062 4616 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
00:26:14.0078 4616 RasPppoe - ok
00:26:14.0171 4616 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
00:26:14.0171 4616 RasSstp - ok
00:26:14.0265 4616 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
00:26:14.0265 4616 rdbss - ok
00:26:14.0359 4616 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
00:26:14.0359 4616 rdpbus - ok
00:26:14.0390 4616 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
00:26:14.0390 4616 RDPCDD - ok
00:26:14.0468 4616 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
00:26:14.0483 4616 RDPENCDD - ok
00:26:14.0515 4616 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
00:26:14.0515 4616 RDPREFMP - ok
00:26:14.0608 4616 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
00:26:14.0608 4616 RDPWD - ok
00:26:14.0671 4616 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
00:26:14.0671 4616 rdyboost - ok
00:26:14.0749 4616 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
00:26:14.0749 4616 rspndr - ok
00:26:14.0827 4616 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys
00:26:14.0827 4616 RSUSBSTOR - ok
00:26:14.0889 4616 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RTSUVSTOR.sys
00:26:14.0889 4616 RSUSBVSTOR - ok
00:26:15.0029 4616 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
00:26:15.0045 4616 RTL8192Ce - ok
00:26:15.0107 4616 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
00:26:15.0107 4616 SASDIFSV - ok
00:26:15.0139 4616 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
00:26:15.0139 4616 SASKUTIL - ok
00:26:15.0232 4616 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
00:26:15.0248 4616 sbp2port - ok
00:26:15.0279 4616 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
00:26:15.0279 4616 scfilter - ok
00:26:15.0341 4616 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
00:26:15.0341 4616 secdrv - ok
00:26:15.0435 4616 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
00:26:15.0435 4616 Serenum - ok
00:26:15.0529 4616 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
00:26:15.0544 4616 Serial - ok
00:26:15.0622 4616 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
00:26:15.0622 4616 sermouse - ok
00:26:15.0669 4616 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
00:26:15.0669 4616 sffdisk - ok
00:26:15.0763 4616 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
00:26:15.0763 4616 sffp_mmc - ok
00:26:15.0794 4616 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
00:26:15.0794 4616 sffp_sd - ok
00:26:15.0887 4616 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
00:26:15.0887 4616 sfloppy - ok
00:26:15.0950 4616 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\windows\system32\DRIVERS\Sftfslh.sys
00:26:15.0965 4616 Sftfs - ok
00:26:16.0075 4616 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\windows\system32\DRIVERS\Sftplaylh.sys
00:26:16.0075 4616 Sftplay - ok
00:26:16.0168 4616 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\windows\system32\DRIVERS\Sftredirlh.sys
00:26:16.0168 4616 Sftredir - ok
00:26:16.0246 4616 Sftvol (393b22addd89979eb1c60898f51c3648) C:\windows\system32\DRIVERS\Sftvollh.sys
00:26:16.0246 4616 Sftvol - ok
00:26:16.0340 4616 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
00:26:16.0340 4616 SiSRaid2 - ok
00:26:16.0402 4616 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
00:26:16.0402 4616 SiSRaid4 - ok
00:26:16.0465 4616 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
00:26:16.0465 4616 Smb - ok
00:26:16.0543 4616 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
00:26:16.0543 4616 spldr - ok
00:26:16.0667 4616 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\N360x64\0501000.01D\SRTSP64.SYS
00:26:16.0667 4616 SRTSP - ok
00:26:16.0792 4616 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS
00:26:16.0792 4616 SRTSPX - ok
00:26:16.0886 4616 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
00:26:16.0901 4616 srv - ok
00:26:17.0011 4616 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
00:26:17.0011 4616 srv2 - ok
00:26:17.0120 4616 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
00:26:17.0120 4616 SrvHsfHDA - ok
00:26:17.0307 4616 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
00:26:17.0323 4616 SrvHsfV92 - ok
00:26:17.0447 4616 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
00:26:17.0463 4616 SrvHsfWinac - ok
00:26:17.0557 4616 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
00:26:17.0557 4616 srvnet - ok
00:26:17.0666 4616 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
00:26:17.0666 4616 stexstor - ok
00:26:17.0759 4616 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
00:26:17.0775 4616 swenum - ok
00:26:17.0915 4616 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS
00:26:17.0915 4616 SymDS - ok
00:26:18.0071 4616 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS
00:26:18.0087 4616 SymEFA - ok
00:26:18.0196 4616 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
00:26:18.0196 4616 SymEvent - ok
00:26:18.0321 4616 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS
00:26:18.0321 4616 SymIRON - ok
00:26:18.0461 4616 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS
00:26:18.0461 4616 SymNetS - ok
00:26:18.0602 4616 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
00:26:18.0617 4616 SynTP - ok
00:26:18.0773 4616 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
00:26:18.0805 4616 Tcpip - ok
00:26:18.0961 4616 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
00:26:18.0976 4616 TCPIP6 - ok
00:26:19.0070 4616 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
00:26:19.0085 4616 tcpipreg - ok
00:26:19.0179 4616 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
00:26:19.0179 4616 tdcmdpst - ok
00:26:19.0241 4616 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
00:26:19.0257 4616 TDPIPE - ok
00:26:19.0304 4616 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
00:26:19.0304 4616 TDTCP - ok
00:26:19.0366 4616 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
00:26:19.0366 4616 tdx - ok
00:26:19.0429 4616 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
00:26:19.0429 4616 TermDD - ok
00:26:19.0553 4616 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
00:26:19.0553 4616 tssecsrv - ok
00:26:19.0663 4616 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
00:26:19.0663 4616 TsUsbFlt - ok
00:26:19.0756 4616 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
00:26:19.0756 4616 TsUsbGD - ok
00:26:19.0787 4616 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
00:26:19.0787 4616 tunnel - ok
00:26:19.0881 4616 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
00:26:19.0881 4616 TVALZ - ok
00:26:19.0912 4616 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
00:26:19.0912 4616 TVALZFL - ok
00:26:20.0006 4616 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
00:26:20.0006 4616 uagp35 - ok
00:26:20.0053 4616 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
00:26:20.0053 4616 udfs - ok
00:26:20.0162 4616 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
00:26:20.0162 4616 uliagpkx - ok
00:26:20.0396 4616 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
00:26:20.0396 4616 umbus - ok
00:26:20.0489 4616 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
00:26:20.0489 4616 UmPass - ok
00:26:20.0567 4616 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
00:26:20.0567 4616 usbccgp - ok
00:26:20.0630 4616 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
00:26:20.0630 4616 usbcir - ok
00:26:20.0692 4616 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
00:26:20.0692 4616 usbehci - ok
00:26:20.0770 4616 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
00:26:20.0770 4616 usbhub - ok
00:26:20.0833 4616 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
00:26:20.0833 4616 usbohci - ok
00:26:20.0879 4616 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
00:26:20.0879 4616 usbprint - ok
00:26:20.0957 4616 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
00:26:20.0957 4616 USBSTOR - ok
00:26:21.0051 4616 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
00:26:21.0067 4616 usbuhci - ok
00:26:21.0129 4616 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
00:26:21.0129 4616 usbvideo - ok
00:26:21.0223 4616 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
00:26:21.0223 4616 vdrvroot - ok
00:26:21.0285 4616 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
00:26:21.0301 4616 vga - ok
00:26:21.0347 4616 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
00:26:21.0347 4616 VgaSave - ok
00:26:21.0410 4616 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
00:26:21.0425 4616 vhdmp - ok
00:26:21.0472 4616 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
00:26:21.0472 4616 viaide - ok
00:26:21.0535 4616 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
00:26:21.0535 4616 volmgr - ok
00:26:21.0581 4616 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
00:26:21.0597 4616 volmgrx - ok
00:26:21.0691 4616 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
00:26:21.0691 4616 volsnap - ok
00:26:21.0800 4616 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
00:26:21.0800 4616 vsmraid - ok
00:26:21.0893 4616 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
00:26:21.0893 4616 vwifibus - ok
00:26:21.0925 4616 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
00:26:21.0925 4616 vwififlt - ok
00:26:22.0018 4616 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
00:26:22.0018 4616 vwifimp - ok
00:26:22.0049 4616 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
00:26:22.0049 4616 WacomPen - ok
00:26:22.0143 4616 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
00:26:22.0159 4616 WANARP - ok
00:26:22.0159 4616 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
00:26:22.0159 4616 Wanarpv6 - ok
00:26:22.0268 4616 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
00:26:22.0283 4616 Wd - ok
00:26:22.0315 4616 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
00:26:22.0330 4616 Wdf01000 - ok
00:26:22.0455 4616 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
00:26:22.0455 4616 WfpLwf - ok
00:26:22.0486 4616 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
00:26:22.0486 4616 WIMMount - ok
00:26:22.0627 4616 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
00:26:22.0627 4616 WmiAcpi - ok
00:26:22.0720 4616 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
00:26:22.0720 4616 ws2ifsl - ok
00:26:22.0798 4616 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
00:26:22.0798 4616 WudfPf - ok
00:26:22.0861 4616 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
00:26:22.0861 4616 WUDFRd - ok
00:26:22.0907 4616 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
00:26:22.0970 4616 \Device\Harddisk0\DR0 - ok
00:26:22.0985 4616 Boot (0x1200) (8b02e463871cb06540780c9e91da15de) \Device\Harddisk0\DR0\Partition0
00:26:22.0985 4616 \Device\Harddisk0\DR0\Partition0 - ok
00:26:22.0985 4616 ============================================================
00:26:22.0985 4616 Scan finished
00:26:22.0985 4616 ============================================================
00:26:23.0017 4812 Detected object count: 0
00:26:23.0017 4812 Actual detected object count: 0

#6 gringo_pr


Posted 05 February 2012 - 03:39 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#7 Paradoxx


Posted 05 February 2012 - 03:54 AM

Again, Thank You for assisting me. It means a lot to me!


HERE IS THE LOG.



aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-05 00:48:50
-----------------------------
00:48:50.504 OS Version: Windows x64 6.1.7601 Service Pack 1
00:48:50.505 Number of processors: 4 586 0x100
00:48:50.506 ComputerName: MW3-PC UserName: Mw3
00:48:52.048 Initialize success
00:50:32.576 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:50:32.581 Disk 0 Vendor: TOSHIBA_MK3275GSX GT001M Size: 305245MB BusType: 11
00:50:32.617 Disk 0 MBR read successfully
00:50:32.623 Disk 0 MBR scan
00:50:32.628 Disk 0 Windows VISTA default MBR code
00:50:32.640 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
00:50:32.662 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289943 MB offset 3074048
00:50:32.690 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 13801 MB offset 596877312
00:50:32.699 Service scanning
00:50:34.017 Modules scanning
00:50:34.026 Disk 0 trace - called modules:
00:50:34.072 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
00:50:34.083 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004793790]
00:50:34.092 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80041d3680]
00:50:34.105 Scan finished successfully
00:51:38.600 Disk 0 MBR has been saved successfully to "C:\Users\Mw3\Music\Desktop\MBR.dat"
00:51:38.631 The log file has been saved successfully to "C:\Users\Mw3\Music\Desktop\aswMBR.txt"

#8 gringo_pr


Posted 05 February 2012 - 05:18 AM

Greetings

I need you to make a bootable USB and to make a screenshot for me - follow the instructions below to do this

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them).

Next - Launch GParted which is found at Menu > System > GParted partition manager,
Click to select All Drives then click Okay
I need you to take a screenshot of the window that opens up - to do this follow these instructions

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg into the USB drive, paste or attach this to your next post

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

Remove the USB and save it - we will use it again - boot back into Windows and send me the screen capture.

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Paradoxx


Posted 06 February 2012 - 12:38 AM

OK. I am back. Sorry for the delay. Work was a B****. I did as you asked. Didn't look like there was much to see.

PICTURE IS ATTACHED BELOW.


#10 gringo_pr


Posted 06 February 2012 - 12:42 AM

Hello

That looks good - is IE still opening on its own?



Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 Paradoxx


Posted 06 February 2012 - 01:05 AM

Hello again. The last time Internet Explorer randomly popped open was probably a few hours ago. So if you're asking since our previous meeting, then yes. However, since I have run Puppy I have not seen it. Also, I'm not sure if this is relevant, but when I use Process Monitor to watch the processes on my comp, it shows that the pathway (in the registry) for I.E. is something along the lines of "ZoneMap\Domain\" with different web sites.


HERE IS THE LOG



OTL logfile created on: 2/5/2012 9:45:54 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mw3\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 59.55% Memory free
6.95 Gb Paging File | 5.42 Gb Available in Paging File | 77.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.15 Gb Total Space | 249.67 Gb Free Space | 88.18% Space Free | Partition Type: NTFS
Drive E: | 3.77 Gb Total Space | 3.65 Gb Free Space | 96.74% Space Free | Partition Type: FAT32

Computer Name: MW3-PC | User Name: Mw3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mw3\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys (Symantec Corporation)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys (Symantec Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (QIOMem) -- C:\Windows\SysNative\drivers\QIOMem.sys (TOSHIBA)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120204.023\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120204.023\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120203.002\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3969521273-2449864402-3574663854-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3969521273-2449864402-3574663854-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-3969521273-2449864402-3574663854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3969521273-2449864402-3574663854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/05 21:34:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2012/02/05 21:34:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/21 04:31:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/18 14:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mw3\AppData\Roaming\Mozilla\Extensions
[2012/02/04 14:28:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mw3\AppData\Roaming\Mozilla\Firefox\Profiles\nelydiei.default\extensions
[2011/05/17 19:23:12 | 000,003,295 | ---- | M] () -- C:\Users\Mw3\AppData\Roaming\Mozilla\Firefox\Profiles\nelydiei.default\searchplugins\search-results.xml
[2012/01/21 04:31:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/05 21:34:47 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_4_3
[2012/02/05 21:34:54 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
[2012/01/21 04:31:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/21 04:30:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/21 04:30:55 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Mw3\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Mw3\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\Mw3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/04 23:21:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3969521273-2449864402-3574663854-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3969521273-2449864402-3574663854-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-3969521273-2449864402-3574663854-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Mcx1-MW3-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3969521273-2449864402-3574663854-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3969521273-2449864402-3574663854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E658C9E-DB9A-4358-9C78-5C5D27C92399}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94812007-AAFD-416A-BFD1-C831F87DC885}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/05 12:29:54 | 004,754,944 | ---- | C] (Geza Kovacs) -- C:\Users\Mw3\Music\Desktop\unetbootin-windows-563.exe
[2012/02/05 00:23:24 | 000,000,000 | ---D | C] -- C:\Users\Mw3\Documents\tdsskiller
[2012/02/05 00:05:04 | 000,000,000 | ---D | C] -- C:\BleepingComp
[2012/02/04 23:26:50 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/02/04 23:21:56 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/04 23:11:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/02/04 23:11:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/02/04 23:11:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/02/04 23:11:24 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/02/04 23:00:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/04 23:00:03 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2012/02/04 20:58:12 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\Toshiba Corporation
[2012/02/04 20:13:13 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\Adobe
[2012/02/04 16:03:49 | 000,000,000 | R--D | C] -- C:\Users\Mw3\Music\Desktop\ARC
[2012/02/04 15:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/02/03 21:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakNow RegCleaner 2011
[2012/02/03 21:16:14 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Roaming\TweakNow RegCleaner 2011
[2012/02/03 21:16:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweakNow RegCleaner 2011
[2012/02/03 19:10:55 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{FC4B2B48-C179-4A7D-B6BB-CC8B152593F3}
[2012/02/03 19:10:36 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{E874D937-360C-44A2-977C-1C4E086FCF19}
[2012/02/03 19:10:24 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{DBE76318-08E4-49CA-AF68-589A9AC2412E}
[2012/02/03 06:28:53 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{8FAF0AC8-EA13-4BDF-BB32-45230270E296}
[2012/02/03 06:28:42 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{BCE2DFA5-86C0-4D4A-9CE4-809F3C003AC7}
[2012/02/03 06:28:32 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{8A6539AE-E356-4890-BCB3-7E7FD46FAF0F}
[2012/02/03 06:27:41 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{B237B5EA-8E4B-4324-939B-D6B0C15FFC01}
[2012/02/03 05:24:37 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\ElevatedDiagnostics
[2012/02/02 10:46:29 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{C2ECBCAB-BE64-4770-95A0-869D29EE1194}
[2012/02/01 21:01:50 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{0B04F2D6-389D-43E7-80B6-7E69C38382C6}
[2012/02/01 21:01:38 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{724547FA-89A2-4DD5-B25C-450A84F6B63D}
[2012/01/31 22:52:00 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{F45F88FD-C182-46DA-BF98-CDBE0CBBE0CF}
[2012/01/31 22:51:48 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{AA64D666-00E1-4060-981D-E457A77A5C8C}
[2012/01/31 11:09:45 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/01/31 11:09:45 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2012/01/31 11:09:45 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2012/01/31 11:09:45 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2012/01/31 11:09:45 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2012/01/31 11:09:45 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2012/01/31 11:09:44 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2012/01/31 11:09:44 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/01/31 11:09:44 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2012/01/31 11:09:44 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2012/01/31 11:09:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/01/31 11:09:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/01/31 11:09:44 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieakeng.dll
[2012/01/31 11:09:44 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2012/01/31 11:09:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2012/01/31 11:09:44 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2012/01/31 11:09:44 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ie4uinit.exe
[2012/01/31 11:09:44 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2012/01/31 11:09:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2012/01/31 11:09:44 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2012/01/31 11:09:43 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2012/01/31 11:09:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2012/01/31 11:09:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/01/31 11:09:43 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2012/01/31 11:09:43 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2012/01/31 11:09:43 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/01/31 11:09:43 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2012/01/31 11:09:43 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2012/01/31 11:09:43 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2012/01/31 11:09:42 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieaksie.dll
[2012/01/31 11:09:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieakui.dll
[2012/01/31 11:09:42 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\admparse.dll
[2012/01/31 11:09:41 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2012/01/31 11:09:41 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2012/01/31 11:09:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/01/31 11:09:41 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2012/01/31 11:09:41 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2012/01/31 11:09:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2012/01/31 11:09:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2012/01/31 11:09:40 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2012/01/31 11:09:40 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/01/31 11:09:40 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/01/31 11:09:40 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2012/01/31 11:09:40 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2012/01/31 11:09:40 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2012/01/31 11:09:40 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieaksie.dll
[2012/01/31 11:09:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/01/31 11:09:40 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieakui.dll
[2012/01/31 11:09:40 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieakeng.dll
[2012/01/31 11:09:40 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2012/01/31 11:09:40 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2012/01/31 11:09:40 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\admparse.dll
[2012/01/31 11:09:40 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2012/01/31 11:09:40 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2012/01/31 11:09:40 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2012/01/31 11:09:40 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2012/01/31 11:09:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2012/01/31 11:09:40 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2012/01/31 11:09:39 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/01/31 11:09:39 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/01/31 11:09:39 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/01/31 11:09:39 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2012/01/31 11:09:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/01/31 11:09:39 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2012/01/31 11:09:39 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2012/01/31 11:09:39 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2012/01/31 11:09:39 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/01/31 11:09:39 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2012/01/31 11:09:39 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2012/01/31 11:09:39 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2012/01/31 11:09:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2012/01/31 11:09:39 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2012/01/31 10:51:20 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{9B915726-CBD9-43CB-94F0-6D381868F3FF}
[2012/01/30 20:53:43 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{246B9AD5-9608-4F6B-B306-B0687F5B4BBF}
[2012/01/30 20:53:34 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{ACA353E6-4D46-4F05-8D6F-825EFB96EB01}
[2012/01/30 08:52:50 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{7BE63617-3F86-4BF1-9BE0-139AA612CA7E}
[2012/01/30 08:52:40 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{0BF235CB-F9CB-4421-B60A-361C6930337B}
[2012/01/30 08:52:30 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{D2BE59DC-40E4-46FD-8681-C0353739E1A6}
[2012/01/30 08:52:18 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{F6C04A13-F4EA-4DCD-894E-F1E9C4D618C8}
[2012/01/29 20:34:03 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{01047F9F-04B1-4467-AD9D-5CB06B7D1ED8}
[2012/01/29 20:33:53 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{6D5BA23A-A359-403B-AF72-5412B30A24B2}
[2012/01/29 08:01:49 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{03688BE1-99E6-4C7A-9BE9-28FDE4CA9987}
[2012/01/28 20:00:54 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{E2E36FD7-336E-4544-BEDA-D36DBC413376}
[2012/01/28 20:00:44 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{B9956125-38C5-44EB-A100-8F7CFC4F6FF2}
[2012/01/28 20:00:34 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{A543EE7D-0E43-4713-9715-4223AF8F8B94}
[2012/01/28 20:00:12 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{810B749A-D138-4DCD-9C16-FF6BD1B99382}
[2012/01/28 07:59:47 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{0829C0AA-43EA-4F69-81CC-502546480F4B}
[2012/01/27 06:44:19 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{FB3B95D4-B4DB-4C3D-A39B-C2668C80B9BF}
[2012/01/26 18:43:40 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{52F882BE-E849-41A7-BF03-7C6025957520}
[2012/01/26 05:45:09 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{97907E2B-945D-4908-9456-19D7424673B0}
[2012/01/26 05:44:59 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{9A43D231-3569-40AE-940D-387240674F9C}
[2012/01/25 17:03:25 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{B9964C7E-74D6-44B0-ADD7-314BE55C0FD4}
[2012/01/25 17:03:15 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{A017EE5B-E406-40E0-A686-D15ABD066B7F}
[2012/01/25 17:03:04 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{A24315C3-B6F8-4C15-95EC-321BDB0280CF}
[2012/01/25 17:01:48 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{58823A05-4E3E-4689-A852-62DED3FBB424}
[2012/01/24 23:01:39 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{6B55EC1E-4A8C-47B5-BE38-6CC21806C784}
[2012/01/23 22:38:06 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{568BB35F-8B4A-49A2-AD52-B915C48F87AA}
[2012/01/23 10:37:27 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{D5970F79-3D86-4E8D-B8B6-A1605082F10E}
[2012/01/22 22:36:45 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{8BBB434D-DCA7-4EBC-9EDA-40E0E51A2771}
[2012/01/21 22:35:21 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{496D71C4-9D89-4DE6-B267-AA512BDEF560}
[2012/01/21 10:34:37 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{28FE5FD2-31D6-4F35-A3FA-592A58CB1FDC}
[2012/01/20 22:33:55 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{581ADCBB-6C27-4ED2-A228-8BFF0A50F898}
[2012/01/20 10:33:10 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{FD34F25E-4F9F-4FAA-BFF4-F79527937CB4}
[2012/01/19 22:32:28 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{8D3B8EB8-9382-4B0A-B75A-06C63E7CD92C}
[2012/01/19 00:19:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/01/18 19:42:32 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{F87A8782-729A-421F-AA24-CFEFC16F6B7A}
[2012/01/18 07:42:06 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{3267FA3C-367F-41D3-82D8-1F5571D07EF5}
[2012/01/16 15:50:28 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{BE2574C4-E34C-4705-A311-95849A951776}
[2012/01/16 02:30:09 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{DB6F97B9-BE48-4DE9-9BA6-200B17F83F83}
[2012/01/15 14:29:30 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{D652EF03-8493-469E-86D8-3ADA48EBD14E}
[2012/01/15 01:54:08 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{96C8E915-BAB0-4888-A290-73DC270E7698}
[2012/01/14 13:53:24 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{DF38D73D-E86D-4B6D-A569-36E9544BCEAF}
[2012/01/14 13:53:15 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{859C9998-F22F-48B1-A67A-B62E1C703A6D}
[2012/01/14 00:00:09 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{B3E48932-EE25-4453-8C20-2D1B5AD90F69}
[2012/01/13 11:59:12 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{ACFFB601-C6CC-48A8-B940-24504AD12109}
[2012/01/13 11:59:02 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{0351997A-5C8C-4DC6-BD86-5281B2DD7307}
[2012/01/13 11:58:52 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{DC7E0592-E02D-4483-84D6-EB82F3C6674A}
[2012/01/13 11:58:29 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{C480FDA9-A0F9-4D50-BCA3-EA3C7A69BEDE}
[2012/01/12 23:57:58 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{362D53C9-A526-40C9-9214-4CD8655A0FD6}
[2012/01/12 11:57:18 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{D30B765B-BA7F-458F-932F-4F4F5AB8B3A3}
[2012/01/11 21:46:58 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{FB8B4095-1AA0-4DC0-8327-9FF4BA488819}
[2012/01/10 21:45:41 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{A39257A1-1824-4F24-B02F-A3FD846255FF}
[2012/01/10 20:30:33 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll
[2012/01/10 20:30:33 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll
[2012/01/10 20:30:32 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012/01/10 20:30:32 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012/01/10 20:30:29 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2012/01/10 20:30:29 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2012/01/10 20:30:29 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll
[2012/01/10 20:30:29 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2012/01/10 20:30:29 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2012/01/10 20:30:29 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2012/01/10 20:30:23 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2012/01/10 20:30:21 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll
[2012/01/10 20:30:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll
[2012/01/10 11:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/01/10 09:45:01 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{A8829882-2D7C-4B56-8CAF-D0FBF7D2AAFD}
[2012/01/10 09:43:51 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{720AEDA8-4F13-4516-8B0F-6BFE32A5E1ED}
[2012/01/10 04:41:58 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/01/09 17:39:02 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{A81A82E4-F584-47A0-B5DB-5358FB30CBF3}
[2012/01/09 17:38:52 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{A5E86CDF-0FEA-40BE-92F7-FF61745B79FB}
[2012/01/09 02:51:10 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{EC27CABB-3DE9-486A-8D72-1C7E22548BF4}
[2012/01/09 02:51:00 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{8C171674-828F-4436-B6D8-FE0C732F03B1}
[2012/01/09 00:42:35 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Mw3\Music\Desktop\ATF-Cleaner.exe
[2012/01/08 14:50:16 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{A4C16AED-2E4B-4250-8F28-127CF1400686}
[2012/01/08 14:50:05 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{07BCCFDF-65BE-496D-8FF0-B5F91113E19B}
[2012/01/08 14:49:55 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{305F9B89-9CA9-428C-AE4B-6EF742F42CB2}
[2012/01/08 14:49:42 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{57EF28EF-8206-4CF1-937D-BCF0DEF736BE}
[2012/01/08 02:04:27 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{C174943F-D18F-4DDD-B3E1-2EA537190B68}
[2012/01/07 23:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/01/07 23:26:09 | 000,230,952 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\PCTSD64.sys
[2012/01/07 23:26:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/01/07 23:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/07 23:25:49 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Roaming\TestApp
[2012/01/07 22:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/01/07 22:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/01/07 22:52:47 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSSTDFMT.DLL
[2012/01/07 22:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2012/01/07 14:03:59 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{F6D329A4-A8CF-4203-86B2-15AD73C61A7A}
[2012/01/07 00:24:02 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{FD3618F4-1C4F-41F9-A4E3-113B4CF48228}
[2012/01/07 00:23:52 | 000,000,000 | ---D | C] -- C:\Users\Mw3\AppData\Local\{BCBDD0CE-93B2-4B82-9247-E1AA83B665E1}
[2 C:\Users\Mw3\Music\Desktop\*.tmp files -> C:\Users\Mw3\Music\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/05 21:41:22 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/05 21:41:22 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/05 21:39:24 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/02/05 21:39:24 | 000,624,936 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/02/05 21:39:24 | 000,107,208 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/02/05 21:34:21 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/05 21:33:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/05 21:33:52 | 2798,804,992 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/05 20:01:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/05 15:00:29 | 000,000,596 | ---- | M] () -- C:\Users\Mw3\Music\Desktop\slacko-5.3.1-SCSI-MAIN.zip
[2012/02/05 13:35:31 | 001,147,805 | ---- | M] () -- C:\Users\Mw3\Music\Desktop\KHOP-Application.pdf
[2012/02/05 13:01:42 | 000,000,692 | ---- | M] () -- C:\Users\Mw3\Music\Desktop\slacko-5.3.1-SCSI-MAIN.lnk
[2012/02/05 12:30:41 | 004,746,193 | ---- | M] () -- C:\unetbootin-windows-563.zip
[2012/02/05 12:29:54 | 004,754,944 | ---- | M] (Geza Kovacs) -- C:\Users\Mw3\Music\Desktop\unetbootin-windows-563.exe
[2012/02/05 00:52:19 | 002,112,170 | ---- | M] () -- C:\Users\Mw3\Music\Desktop\aswMBR.zip
[2012/02/05 00:51:38 | 000,000,512 | ---- | M] () -- C:\Users\Mw3\Music\Desktop\MBR.dat
[2012/02/05 00:07:46 | 004,392,750 | ---- | M] () -- C:\ComboFix.zip
[2012/02/05 00:06:11 | 000,001,152 | ---- | M] () -- C:\Users\Mw3\Music\Desktop\ComboFix - Shortcut.lnk
[2012/02/04 23:21:50 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/02/04 21:13:43 | 000,001,345 | ---- | M] () -- C:\Users\Mw3\Music\Desktop\Media Center.lnk
[2012/02/04 21:02:46 | 000,001,345 | ---- | M] () -- C:\Media Center.lnk
[2012/02/04 19:57:41 | 000,000,000 | ---- | M] () -- C:\Users\Mw3\defogger_reenable
[2012/02/04 14:35:12 | 001,520,894 | ---- | M] () -- C:\windows\SysNative\drivers\Cat.DB
[2012/02/03 21:16:17 | 000,002,058 | ---- | M] () -- C:\Users\Public\Desktop\TweakNow RegCleaner 2011.lnk
[2012/02/02 02:29:20 | 003,022,624 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Mw3\Music\Desktop\Procmon.exe
[2012/01/31 11:39:33 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/31 11:14:58 | 000,001,452 | ---- | M] () -- C:\Users\Mw3\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/31 11:09:45 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/01/31 11:09:45 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2012/01/31 11:09:45 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2012/01/31 11:09:45 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2012/01/31 11:09:45 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2012/01/31 11:09:45 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2012/01/31 11:09:44 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2012/01/31 11:09:44 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/01/31 11:09:44 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2012/01/31 11:09:44 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2012/01/31 11:09:44 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/01/31 11:09:44 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/01/31 11:09:44 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieakeng.dll
[2012/01/31 11:09:44 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2012/01/31 11:09:44 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2012/01/31 11:09:44 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2012/01/31 11:09:44 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ie4uinit.exe
[2012/01/31 11:09:44 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2012/01/31 11:09:44 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2012/01/31 11:09:44 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2012/01/31 11:09:44 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2012/01/31 11:09:43 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2012/01/31 11:09:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2012/01/31 11:09:43 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/01/31 11:09:43 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2012/01/31 11:09:43 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2012/01/31 11:09:43 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/01/31 11:09:43 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2012/01/31 11:09:43 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2012/01/31 11:09:43 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2012/01/31 11:09:42 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieaksie.dll
[2012/01/31 11:09:42 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieakui.dll
[2012/01/31 11:09:42 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\admparse.dll
[2012/01/31 11:09:41 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2012/01/31 11:09:41 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2012/01/31 11:09:41 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/01/31 11:09:41 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2012/01/31 11:09:41 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2012/01/31 11:09:41 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2012/01/31 11:09:41 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2012/01/31 11:09:40 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2012/01/31 11:09:40 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/01/31 11:09:40 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/01/31 11:09:40 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2012/01/31 11:09:40 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2012/01/31 11:09:40 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2012/01/31 11:09:40 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieaksie.dll
[2012/01/31 11:09:40 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/01/31 11:09:40 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieakui.dll
[2012/01/31 11:09:40 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieakeng.dll
[2012/01/31 11:09:40 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2012/01/31 11:09:40 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2012/01/31 11:09:40 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\admparse.dll
[2012/01/31 11:09:40 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2012/01/31 11:09:40 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2012/01/31 11:09:40 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2012/01/31 11:09:40 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2012/01/31 11:09:40 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2012/01/31 11:09:40 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2012/01/31 11:09:39 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/01/31 11:09:39 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/01/31 11:09:39 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/01/31 11:09:39 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2012/01/31 11:09:39 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/01/31 11:09:39 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2012/01/31 11:09:39 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2012/01/31 11:09:39 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2012/01/31 11:09:39 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/01/31 11:09:39 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2012/01/31 11:09:39 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2012/01/31 11:09:39 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2012/01/31 11:09:39 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2012/01/31 11:09:39 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2012/01/31 11:09:39 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2012/01/19 10:58:51 | 000,072,614 | ---- | M] () -- C:\Users\Mw3\Music\Desktop\PLBC-Letter-of-Recommendation-Form.pdf
[2012/01/19 00:19:26 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/01/11 16:19:08 | 000,230,952 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\PCTSD64.sys
[2012/01/10 11:57:39 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/10 04:41:58 | 000,002,965 | ---- | M] () -- C:\Users\Mw3\Music\Desktop\HiJackThis.lnk
[2012/01/10 02:34:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/01/10 02:28:00 | 000,002,052 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/01/09 00:42:36 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Mw3\Music\Desktop\ATF-Cleaner.exe
[2012/01/07 22:52:51 | 000,001,018 | ---- | M] () -- C:\Users\Mw3\Music\Desktop\SpywareBlaster.lnk
[2 C:\Users\Mw3\Music\Desktop\*.tmp files -> C:\Users\Mw3\Music\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/05 15:00:29 | 000,000,596 | ---- | C] () -- C:\Users\Mw3\Music\Desktop\slacko-5.3.1-SCSI-MAIN.zip
[2012/02/05 13:35:31 | 001,147,805 | ---- | C] () -- C:\Users\Mw3\Music\Desktop\KHOP-Application.pdf
[2012/02/05 13:01:42 | 000,000,692 | ---- | C] () -- C:\Users\Mw3\Music\Desktop\slacko-5.3.1-SCSI-MAIN.lnk
[2012/02/05 12:30:40 | 004,746,193 | ---- | C] () -- C:\unetbootin-windows-563.zip
[2012/02/05 00:52:19 | 002,112,170 | ---- | C] () -- C:\Users\Mw3\Music\Desktop\aswMBR.zip
[2012/02/05 00:51:38 | 000,000,512 | ---- | C] () -- C:\Users\Mw3\Music\Desktop\MBR.dat
[2012/02/05 00:07:59 | 004,392,750 | ---- | C] () -- C:\ComboFix.zip
[2012/02/05 00:06:11 | 000,001,152 | ---- | C] () -- C:\Users\Mw3\Music\Desktop\ComboFix - Shortcut.lnk
[2012/02/04 23:11:45 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/02/04 23:11:45 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/02/04 23:11:45 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/02/04 23:11:45 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/02/04 23:11:45 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/02/04 21:13:43 | 000,001,345 | ---- | C] () -- C:\Users\Mw3\Music\Desktop\Media Center.lnk
[2012/02/04 21:02:46 | 000,001,345 | ---- | C] () -- C:\Media Center.lnk
[2012/02/04 19:57:41 | 000,000,000 | ---- | C] () -- C:\Users\Mw3\defogger_reenable
[2012/02/03 21:16:17 | 000,002,058 | ---- | C] () -- C:\Users\Public\Desktop\TweakNow RegCleaner 2011.lnk
[2012/01/31 11:14:57 | 000,001,424 | ---- | C] () -- C:\Users\Mw3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/01/31 11:09:44 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2012/01/31 11:09:39 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2012/01/19 10:50:52 | 000,072,614 | ---- | C] () -- C:\Users\Mw3\Music\Desktop\PLBC-Letter-of-Recommendation-Form.pdf
[2012/01/19 00:19:26 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/01/10 11:57:39 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/10 11:57:39 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/10 04:41:58 | 000,002,965 | ---- | C] () -- C:\Users\Mw3\Music\Desktop\HiJackThis.lnk
[2012/01/10 02:28:00 | 000,002,052 | ---- | C] () -- C:\windows\epplauncher.mif
[2012/01/07 23:26:24 | 001,520,894 | ---- | C] () -- C:\windows\SysNative\drivers\Cat.DB
[2012/01/07 22:52:50 | 000,001,018 | ---- | C] () -- C:\Users\Mw3\Music\Desktop\SpywareBlaster.lnk
[2011/12/06 18:24:09 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/09/24 05:42:21 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2011/09/22 17:56:32 | 000,731,106 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/09/19 03:26:07 | 000,000,064 | ---- | C] () -- C:\Users\Mw3\AppData\Roaming\Statdisk.prefs
[2011/07/15 09:16:57 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/07/15 09:07:35 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/07/15 09:05:16 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/02/03 18:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:48 PM

Posted 06 February 2012 - 01:17 AM

Hello

Line of "ZoneMap\Domain\" with different web sites.
This is Spybot's work and is OK.


I won't be able to check this report until the morning as it is a large report.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Paradoxx

Posted 06 February 2012 - 01:46 AM

That's fine. You have been extremely helpful. Have a Good Night.

#14 gringo_pr

Posted 07 February 2012 - 08:03 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :otl
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3969521273-2449864402-3574663854-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2  
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo

#15 gringo_pr

Posted 10 February 2012 - 12:16 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo