problems: hijacked google searches, Lightroom4.1 start gives error 0xc000007b, scrolling jumps in some apps


61 replies to this topic

#1 JackRivers

Posted 08 July 2012 - 07:45 PM

20% of all my Google searches get redirected for the past month or so (using Firefox 13.0.1). My new Adobe Lightroom4.1 now tries to start up, fails and gives me error 0xc000007b, though it worked for two weeks just fine. Some webpages scroll and jump on their own, without mouse input. Some text files scroll up then down without my input. Some text entry input fields scroll on their own in a sporadic manner. All other apps on my machine seem to work properly. My system files and apps are split between two drives, an SSD as C: and a SATA drive as D: with a subdir d:\tools holding some apps.

My actions:
Norton 360 v6.0
All Win7-64 files are current and updated.
Have run "sfc.exe /scannow" and no system files were detected as bad (none repaired)

GMER note:
The first eight items in the right menu were ghosted.
I ticked the check boxes for drives C: and D: because they both hold apps as noted above.

Thank you for your attention.

=========================================================================================
DDS.txt contents:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by bj at 18:05:03 on 2012-07-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16289.13331 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
D:\=Tools\Program Files (x86)\FantaMorph5\FantaUp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
C:\Windows\System32\igfxpers.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Belkin\Nostromo\nost_LM.exe
C:\Users\bj\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\crypserv.exe
D:\=Tools\Program Files\DAZ 3D\DAZ 3D CMS\ContentManagementServer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
D:\=Tools\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\=Tools\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
D:\=Tools\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uWindow Title = The King's Things
uLocal Page = C:\Program Files\Boris FX, Inc\Boris RED 5\Documentation\wwhelp\wwhimpl\common\html\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - D:\=Tools\Program Files (x86)\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [EPSON WorkForce 320 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJA.EXE /FU "C:\Windows\TEMP\E_SB78B.tmp" /EF "HKCU"
uRun: [Google Update] "C:\Users\bj\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [PowerPanel Personal Edition User Interaction] D:\=Tools\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [FPVCodecPackTrialInfo] "C:\Windows\WICCodecs\{A6D092A4-081A-4F0E-9356-DA167E87D922}\FPVCodecPackTrialInfo.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\bj\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\bj\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NOSTRO~1.LNK - C:\Windows\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe
uPolicies-explorer: DisallowRun = 0 (0x0)
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Mipony - file://D:\=Tools\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - D:\_TOOLS~1\PROGRA~1\Office12\EXCEL.EXE/3000
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - D:\_TOOLS~1\PROGRA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{9F1A653A-77C8-43A5-800B-AC46B1F7BCA3} : DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\=Tools\Program Files (x86)\Office12\GrooveSystemServices.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - D:\=Tools\Program Files (x86)\Office12\GrooveShellExtensions.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\=Tools\Program Files (x86)\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [PowerPanel Personal Edition User Interaction] D:\=Tools\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [FPVCodecPackTrialInfo] "C:\Windows\WICCodecs\{A6D092A4-081A-4F0E-9356-DA167E87D922}\FPVCodecPackTrialInfo.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\=Tools\Program Files (x86)\Office12\GrooveShellExtensions.dll
SEH-X64: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\bj\AppData\Roaming\Mozilla\Firefox\Profiles\8b85rv59.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\nppdf32.dll
FF - plugin: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Users\bj\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: D:\=Tools\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: D:\=Tools\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
============= SERVICES / DRIVERS ===============
.
R0 DSFKSVCS;Kernel Services for DSF;C:\Windows\system32\DRIVERS\dsfksvcs.sys --> C:\Windows\system32\DRIVERS\dsfksvcs.sys [?]
R0 dsfroot;root enumerated bus driver;C:\Windows\system32\DRIVERS\dsfroot.sys --> C:\Windows\system32\DRIVERS\dsfroot.sys [?]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\system32\DRIVERS\fltsrv.sys --> C:\Windows\system32\DRIVERS\fltsrv.sys [?]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\system32\DRIVERS\mv91cons.sys --> C:\Windows\system32\DRIVERS\mv91cons.sys [?]
R0 mvs91xx;mvs91xx;C:\Windows\system32\DRIVERS\mvs91xx.sys --> C:\Windows\system32\DRIVERS\mvs91xx.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [?]
R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?]
R0 vidsflt61;Acronis Disk Storage Filter (61);C:\Windows\system32\DRIVERS\vsflt61.sys --> C:\Windows\system32\DRIVERS\vsflt61.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-6-18 1161376]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\dddskx64.sys --> C:\Windows\system32\drivers\dddskx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120705.001\IDSviA64.sys [2012-7-5 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;D:\=Tools\Program Files (x86)\FantaMorph5\FantaUp.exe -PermissionManagerRun --> D:\=Tools\Program Files (x86)\FantaMorph5\FantaUp.exe -PermissionManagerRun [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-12-29 918448]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2011-9-29 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-12-29 586880]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 DAZContentManagementService;DAZ Content Management Service;D:\=Tools\Program Files\DAZ 3D\DAZ 3D CMS\ContentManagementServer.exe [2012-2-29 22528]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 20992]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;D:\=Tools\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccsvchst.exe [2012-5-17 138232]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-2-22 66560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-23 2348352]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 bcgame;Nostromo HID Device Minidriver;C:\Windows\system32\drivers\bcgame.sys --> C:\Windows\system32\drivers\bcgame.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]
R3 DrmRAudio;DrmRAudio;C:\Windows\system32\drivers\DrmRAudio.sys --> C:\Windows\system32\drivers\DrmRAudio.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912]
R3 GenericMount;Generic Mount Driver;C:\Windows\system32\DRIVERS\GenericMount.sys --> C:\Windows\system32\DRIVERS\GenericMount.sys [?]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]
R3 HRMCFGSPC;DSF General Configuration Space Redirection Module;C:\Windows\system32\DRIVERS\HRMCFGSPC.SYS --> C:\Windows\system32\DRIVERS\HRMCFGSPC.SYS [?]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 softehci;Microsoft USB 2.0 Enhanced Host Controller Interface (EHCI) Simulator Driver";C:\Windows\system32\DRIVERS\softehci.sys --> C:\Windows\system32\DRIVERS\softehci.sys [?]
R3 SymSnapService;SymSnapService;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2009-9-21 2963960]
R3 usbehci_dsf;Microsoft DSF-enabled USB 2.0 Enhanced Host Controller Interface (EHCI) Miniport Driver;C:\Windows\system32\DRIVERS\usbehci_dsf.sys --> C:\Windows\system32\DRIVERS\usbehci_dsf.sys [?]
R3 VKbms;Razer Gaming Device;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-29 136176]
S2 RNX-MiniN111nCU;RNX-MiniN111nCU; [x]
S2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-12-16 5881952]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2011-9-29 21480]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-9-29 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-9-29 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-10-7 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-20 1431888]
S3 GenericMount Helper Service;GenericMount Helper Service;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2009-9-21 1571336]
S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2011-12-2 745472]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-29 136176]
S3 HRMINTS;DSF Interrupt Redirection Module;C:\Windows\system32\DRIVERS\HRMINTS.SYS --> C:\Windows\system32\DRIVERS\HRMINTS.SYS [?]
S3 HRMPORTS;DSF IO Port Redirection Module;C:\Windows\system32\DRIVERS\HRMPORTS.SYS --> C:\Windows\system32\DRIVERS\HRMPORTS.SYS [?]
S3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys --> C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [?]
S3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard.sys --> C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SMServer;SMServer;C:\Windows\SysWOW64\snmvtsvc.exe [2011-12-2 243712]
S3 SOFTHIDUSBK;USB HID Layer;C:\Windows\system32\DRIVERS\SOFTHIDUSBK.SYS --> C:\Windows\system32\DRIVERS\SOFTHIDUSBK.SYS [?]
S3 SOFTUSBK;Generic USB device;C:\Windows\system32\DRIVERS\SOFTUSBK.SYS --> C:\Windows\system32\DRIVERS\SOFTUSBK.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\Windows\System32\dllhost.exe [2009-7-13 7168]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
.
=============== Created Last 30 ================
.
2012-07-08 21:00:43 -------- d-----w- C:\Users\bj\AppData\Roaming\SynthMaker
2012-07-08 21:00:40 -------- d-----w- C:\Users\bj\AppData\Roaming\Acoustica
2012-07-08 20:59:09 -------- d-----w- C:\Program Files (x86)\VST
2012-07-08 20:57:52 -------- d-----w- C:\ProgramData\Acoustica
2012-07-08 20:57:52 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 6
2012-07-08 18:19:18 -------- d-----w- C:\Users\bj\AppData\Roaming\Wise Registry Cleaner
2012-07-08 18:19:02 -------- d-----w- C:\Program Files (x86)\Wise
2012-07-08 17:40:13 -------- d-----w- C:\adobeTemp
2012-07-08 14:52:43 54016 ----a-w- C:\Windows\SysWow64\drivers\egqc.sys
2012-07-03 00:23:14 -------- d-----w- C:\Program Files (x86)\Antares Audio Technologies
2012-06-30 05:53:55 -------- d-----w- C:\Program Files (x86)\FLVPlayer
2012-06-19 11:57:21 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 11:57:20 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 11:57:20 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 11:57:20 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 00:00:16 -------- d-----w- C:\Users\bj\AppData\Local\Pop Art Studio 6.2
2012-06-18 18:40:21 -------- d-----w- C:\Users\bj\AppData\Roaming\Final Draft
2012-06-18 18:38:43 4169728 ----a-r- C:\Windows\SysWow64\cdintf400.dll
2012-06-18 18:38:41 -------- d-----w- C:\ProgramData\Final Draft
2012-06-18 18:38:41 -------- d-----w- C:\Program Files (x86)\Final Draft Tagger
2012-06-18 18:38:40 -------- d-----w- C:\Program Files (x86)\Final Draft 8
2012-06-13 22:55:07 -------- d-----w- C:\Program Files\iTunes
2012-06-13 22:55:07 -------- d-----w- C:\Program Files\iPod
2012-06-13 17:01:27 -------- d-----w- C:\Program Files (x86)\My Company Name
2012-06-12 20:35:57 -------- d-----w- C:\Users\bj\AppData\Local\Macromedia
2012-06-12 20:00:11 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
==================== Find3M ====================
.
2012-06-28 14:53:53 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-28 14:53:53 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-11 14:12:30 10503680 ----a-w- C:\Windows\System32\BCC8_3DObjects_AE.dll
2012-05-11 13:55:08 35250688 ----a-w- C:\Windows\System32\BCC8_AE_Float.dll
2012-05-11 13:44:24 34866176 ----a-w- C:\Windows\System32\BCC8_AE_8Bit.dll
2012-05-11 13:33:52 34906624 ----a-w- C:\Windows\System32\BCC8_AE_16Bit.dll
2012-05-11 13:27:58 1027072 ----a-w- C:\Windows\System32\BCC8_Common_AE.dll
2012-05-09 18:21:41 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-09 18:21:36 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-05 04:16:08 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 11:00:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 02:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 02:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 18:05:15.39 ===============


#2 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:02:22 AM

Posted 12 July 2012 - 03:38 PM

Hello JackRivers and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. :)


Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


----------Step 3----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!
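For anyone reviewing the log file that Step 1 asks for, here is an added example (not part of the original post and not TDSSKiller's own code) that lists the entries needing a manual look. The line layout is inferred from the TDSSKiller log posted in this thread; the sample lines, service names, hashes and the "warning" verdict are constructed placeholders.

```python
import re

# Layout assumed from the log in this thread:
#   "<hh:mm:ss.ffff> <thread id> <name> (<md5>) <path>"   file that was hashed
#   "<hh:mm:ss.ffff> <thread id> <name> - <verdict>"      result for that entry
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) ?(.*)$")
DETAIL = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")

# Constructed sample, not real tool output.
SAMPLE_LOG = r"""
15:03:05.0612 6412 Drive \Device\Harddisk0\DR0 - Size: 0x0 (constructed header line)
15:03:08.0014 6164 ============================================================
15:03:08.0014 6164 Scan started
15:03:08.0014 6164 Mode: Manual;
15:03:08.0014 6164 ============================================================
15:03:08.0701 6164 ExampleDrv (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\ExampleDrv.sys
15:03:08.0701 6164 ExampleDrv - ok
15:03:08.0779 6164 ExampleSvc(1) (ffeeddccbbaa99887766554433221100) C:\Windows\system32\drivers\ExampleSvc(1).sys
15:03:08.0779 6164 ExampleSvc(1) - ok
15:03:08.0794 6164 NoFileSvc - ok
15:03:08.0810 6164 FlaggedDrv (0123456789abcdef0123456789abcdef) C:\Windows\SysWow64\drivers\FlaggedDrv.sys
15:03:08.0810 6164 FlaggedDrv - warning
"""


def parse_scan(log_text):
    """Return {name: {"md5", "path", "verdict"}} for entries after 'Scan started'.

    Header lines are skipped on purpose: drive descriptions also contain " - "
    and would otherwise be mistaken for verdict lines.
    """
    entries = {}
    in_scan = False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(3).strip()
        if body == "Scan started":
            in_scan = True
            continue
        if not in_scan or not body or set(body) == {"="} or body.startswith("Mode:"):
            continue
        d = DETAIL.match(body)
        if d:
            e = entries.setdefault(d["name"], {"md5": None, "path": None, "verdict": None})
            e["md5"], e["path"] = d["md5"], d["path"]
        elif " - " in body:
            # Split on the last " - " so names containing dashes or colons survive.
            name, verdict = body.rsplit(" - ", 1)
            e = entries.setdefault(name, {"md5": None, "path": None, "verdict": None})
            e["verdict"] = verdict.strip()
    return entries


def triage(entries):
    """Return (name, reason) pairs that deserve a manual look."""
    findings = []
    for name, e in entries.items():
        if e["verdict"] is None:
            findings.append((name, "no verdict line"))
        elif e["verdict"].lower() != "ok":
            findings.append((name, "verdict: " + e["verdict"]))
        elif e["path"] is None:
            # Marked ok, but the log shows no file path or hash for it.
            findings.append((name, "ok, but no file was hashed"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_scan(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

An entry reported here is only a pointer for review; an "ok" line without a file path often just means the service's binary is not present on disk.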

#3 JackRivers

JackRivers
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:01:22 AM

Posted 12 July 2012 - 04:47 PM

Hello D-FRED-BROWN!!!

I followed all instructions, including turning off all Norton 360 features, but ComboFix reported its antispyware still running, no matter what I did within Norton 360v6. Continued with ComboFix and all other recommended procedures. I AM willing to uninstall Norton entirely to help resolve this problem. Is this what I should do? All requested logs are cited here (and attached to this email):

=======================================================================================================================================================================================
TDSSKiller's logfile:

15:03:04.0598 6412 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
15:03:05.0440 6412 ============================================================
15:03:05.0440 6412 Current date / time: 2012/07/12 15:03:05.0440
15:03:05.0440 6412 SystemInfo:
15:03:05.0440 6412
15:03:05.0440 6412 OS Version: 6.1.7601 ServicePack: 1.0
15:03:05.0440 6412 Product type: Workstation
15:03:05.0440 6412 ComputerName: MANTIS
15:03:05.0440 6412 UserName: bj
15:03:05.0440 6412 Windows directory: C:\Windows
15:03:05.0440 6412 System windows directory: C:\Windows
15:03:05.0440 6412 Running under WOW64
15:03:05.0440 6412 Processor architecture: Intel x64
15:03:05.0440 6412 Number of processors: 8
15:03:05.0440 6412 Page size: 0x1000
15:03:05.0440 6412 Boot type: Normal boot
15:03:05.0440 6412 ============================================================
15:03:05.0612 6412 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
15:03:05.0612 6412 Drive \Device\Harddisk3\DR3 - Size: 0x2BAA1476000 (2794.52 Gb), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:03:05.0612 6412 Drive \Device\Harddisk4\DR4 - Size: 0x2BAA1476000 (2794.52 Gb), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:03:05.0612 6412 Drive \Device\Harddisk2\DR2 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:03:05.0627 6412 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:03:05.0659 6412 ============================================================
15:03:05.0659 6412 \Device\Harddisk0\DR0:
15:03:05.0659 6412 MBR partitions:
15:03:05.0659 6412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
15:03:05.0659 6412 \Device\Harddisk3\DR3:
15:03:05.0659 6412 GPT partitions:
15:03:05.0659 6412 \Device\Harddisk3\DR3\Partition0: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {B8FB79B6-0AE9-47C0-801F-7EEC7B2AAA4C}, Name: , StartLBA 0x22, BlocksNum 0x40000
15:03:05.0659 6412 \Device\Harddisk3\DR3\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {B3D29604-6829-4383-AA4F-3D4DCFCD0F1D}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x5D4C9800
15:03:05.0659 6412 MBR partitions:
15:03:05.0659 6412 \Device\Harddisk4\DR4:
15:03:05.0659 6412 GPT partitions:
15:03:05.0659 6412 \Device\Harddisk4\DR4\Partition0: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {A714FB5F-22B2-499F-B845-788B2788B503}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
15:03:05.0659 6412 \Device\Harddisk4\DR4\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {BC34D925-8373-44F6-AC2A-CED13BE29813}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x5D4C9800
15:03:05.0659 6412 MBR partitions:
15:03:05.0659 6412 \Device\Harddisk2\DR2:
15:03:05.0659 6412 MBR partitions:
15:03:05.0659 6412 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:03:05.0659 6412 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
15:03:05.0659 6412 \Device\Harddisk1\DR1:
15:03:05.0659 6412 MBR partitions:
15:03:05.0659 6412 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
15:03:05.0659 6412 ============================================================
15:03:05.0659 6412 C: <-> \Device\Harddisk2\DR2\Partition1
15:03:05.0674 6412 D: <-> \Device\Harddisk1\DR1\Partition0
15:03:05.0737 6412 F: <-> \Device\Harddisk3\DR3\Partition1
15:03:05.0768 6412 E: <-> \Device\Harddisk4\DR4\Partition1
15:03:05.0783 6412 G: <-> \Device\Harddisk0\DR0\Partition0
15:03:05.0783 6412 ============================================================
15:03:05.0783 6412 Initialize success
15:03:05.0783 6412 ============================================================
15:03:08.0014 6164 ============================================================
15:03:08.0014 6164 Scan started
15:03:08.0014 6164 Mode: Manual;
15:03:08.0014 6164 ============================================================
15:03:08.0701 6164 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:03:08.0701 6164 1394ohci - ok
15:03:08.0779 6164 Abrosoft: Abrosoft FantaMorph update permissions manager. 12810. - ok
15:03:08.0794 6164 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:03:08.0794 6164 ACPI - ok
15:03:08.0794 6164 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:03:08.0794 6164 AcpiPmi - ok
15:03:08.0810 6164 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:03:08.0810 6164 AdobeARMservice - ok
15:03:08.0841 6164 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:03:08.0841 6164 AdobeFlashPlayerUpdateSvc - ok
15:03:08.0872 6164 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:03:08.0872 6164 adp94xx - ok
15:03:08.0888 6164 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:03:08.0888 6164 adpahci - ok
15:03:08.0903 6164 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:03:08.0903 6164 adpu320 - ok
15:03:08.0903 6164 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:03:08.0903 6164 AeLookupSvc - ok
15:03:08.0919 6164 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:03:08.0935 6164 AFD - ok
15:03:08.0935 6164 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:03:08.0935 6164 agp440 - ok
15:03:08.0935 6164 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:03:08.0935 6164 ALG - ok
15:03:08.0935 6164 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:03:08.0935 6164 aliide - ok
15:03:08.0950 6164 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:03:08.0950 6164 amdide - ok
15:03:08.0950 6164 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:03:08.0950 6164 AmdK8 - ok
15:03:08.0950 6164 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:03:08.0950 6164 AmdPPM - ok
15:03:08.0950 6164 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:03:08.0950 6164 amdsata - ok
15:03:08.0966 6164 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:03:08.0966 6164 amdsbs - ok
15:03:08.0966 6164 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:03:08.0966 6164 amdxata - ok
15:03:08.0981 6164 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
15:03:08.0981 6164 AppHostSvc - ok
15:03:08.0981 6164 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:03:08.0981 6164 AppID - ok
15:03:08.0981 6164 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:03:08.0981 6164 AppIDSvc - ok
15:03:08.0981 6164 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:03:08.0997 6164 Appinfo - ok
15:03:08.0997 6164 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:03:08.0997 6164 Apple Mobile Device - ok
15:03:09.0013 6164 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:03:09.0013 6164 AppMgmt - ok
15:03:09.0075 6164 AR5416 (c7663dfbcf40f10fefe7218cb2b80021) C:\Windows\system32\DRIVERS\athwx.sys
15:03:09.0091 6164 AR5416 - ok
15:03:09.0137 6164 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:03:09.0137 6164 arc - ok
15:03:09.0137 6164 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:03:09.0137 6164 arcsas - ok
15:03:09.0184 6164 asComSvc (f7692e60147e56a1ceee144974f41830) C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
15:03:09.0184 6164 asComSvc - ok
15:03:09.0184 6164 ASFLTDrv.sys - ok
15:03:09.0215 6164 asHmComSvc (a63173897ea1a73a75d0e65036de5b15) C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
15:03:09.0231 6164 asHmComSvc - ok
15:03:09.0262 6164 AsIO (fef9dd9ea587f8886ade43c1befbdafe) C:\Windows\syswow64\drivers\AsIO.sys
15:03:09.0262 6164 AsIO - ok
15:03:09.0278 6164 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:03:09.0278 6164 aspnet_state - ok
15:03:09.0293 6164 AsSysCtrlService (5c31dfb196cb3a488a041881634d86d2) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
15:03:09.0309 6164 AsSysCtrlService - ok
15:03:09.0309 6164 AsUpIO (1392b92179b07b672720763d9b1028a5) C:\Windows\syswow64\drivers\AsUpIO.sys
15:03:09.0309 6164 AsUpIO - ok
15:03:09.0309 6164 ASUSFILTER (a5e4cdb420540095d1293c874b5f89aa) C:\Windows\syswow64\drivers\ASUSFILTER.sys
15:03:09.0309 6164 ASUSFILTER - ok
15:03:09.0340 6164 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:03:09.0340 6164 AsyncMac - ok
15:03:09.0340 6164 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:03:09.0340 6164 atapi - ok
15:03:09.0340 6164 AthBTPort (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
15:03:09.0340 6164 AthBTPort - ok
15:03:09.0340 6164 ATHDFU (4119870b90e1b5e7797d6433d21f9216) C:\Windows\system32\Drivers\AthDfu.sys
15:03:09.0356 6164 ATHDFU - ok
15:03:09.0356 6164 AtherosSvc (21753130331188c4b474e1d3b396e629) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
15:03:09.0356 6164 AtherosSvc - ok
15:03:09.0418 6164 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
15:03:09.0418 6164 athr - ok
15:03:09.0481 6164 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:03:09.0481 6164 AudioEndpointBuilder - ok
15:03:09.0496 6164 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:03:09.0496 6164 AudioSrv - ok
15:03:09.0496 6164 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:03:09.0496 6164 AxInstSV - ok
15:03:09.0527 6164 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:03:09.0527 6164 b06bdrv - ok
15:03:09.0543 6164 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:03:09.0543 6164 b57nd60a - ok
15:03:09.0543 6164 bcgame (5be512e49c43c8466ab7b4740d1927d7) C:\Windows\system32\drivers\bcgame.sys
15:03:09.0543 6164 bcgame - ok
15:03:09.0559 6164 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:03:09.0559 6164 BDESVC - ok
15:03:09.0559 6164 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:03:09.0559 6164 Beep - ok
15:03:09.0590 6164 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:03:09.0590 6164 BFE - ok
15:03:09.0637 6164 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120711.002\BHDrvx64.sys
15:03:09.0637 6164 BHDrvx64 - ok
15:03:09.0699 6164 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:03:09.0715 6164 BITS - ok
15:03:09.0715 6164 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:03:09.0715 6164 blbdrive - ok
15:03:09.0746 6164 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:03:09.0746 6164 Bonjour Service - ok
15:03:09.0746 6164 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:03:09.0746 6164 bowser - ok
15:03:09.0746 6164 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:03:09.0746 6164 BrFiltLo - ok
15:03:09.0761 6164 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:03:09.0761 6164 BrFiltUp - ok
15:03:09.0761 6164 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:03:09.0761 6164 Browser - ok
15:03:09.0777 6164 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:03:09.0777 6164 Brserid - ok
15:03:09.0777 6164 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:03:09.0777 6164 BrSerWdm - ok
15:03:09.0777 6164 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:03:09.0777 6164 BrUsbMdm - ok
15:03:09.0777 6164 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:03:09.0777 6164 BrUsbSer - ok
15:03:09.0793 6164 BTATH_A2DP (fe70889a85c57a9268101b2db0474509) C:\Windows\system32\drivers\btath_a2dp.sys
15:03:09.0793 6164 BTATH_A2DP - ok
15:03:09.0793 6164 BTATH_BUS (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
15:03:09.0793 6164 BTATH_BUS - ok
15:03:09.0808 6164 BTATH_HCRP (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
15:03:09.0808 6164 BTATH_HCRP - ok
15:03:09.0824 6164 BTATH_LWFLT (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys
15:03:09.0824 6164 BTATH_LWFLT - ok
15:03:09.0824 6164 BTATH_RCP (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
15:03:09.0824 6164 BTATH_RCP - ok
15:03:09.0839 6164 BtFilter (aa0f5afcf077c5246589b32eceeae566) C:\Windows\system32\DRIVERS\btfilter.sys
15:03:09.0839 6164 BtFilter - ok
15:03:09.0839 6164 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:03:09.0839 6164 BthEnum - ok
15:03:09.0855 6164 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:03:09.0855 6164 BTHMODEM - ok
15:03:09.0855 6164 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:03:09.0855 6164 BthPan - ok
15:03:09.0871 6164 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
15:03:09.0871 6164 BTHPORT - ok
15:03:09.0886 6164 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:03:09.0886 6164 bthserv - ok
15:03:09.0886 6164 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
15:03:09.0886 6164 BTHUSB - ok
15:03:09.0902 6164 ccSet_N360 (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys
15:03:09.0902 6164 ccSet_N360 - ok
15:03:09.0902 6164 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:03:09.0902 6164 cdfs - ok
15:03:09.0902 6164 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:03:09.0917 6164 cdrom - ok
15:03:09.0917 6164 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:03:09.0917 6164 CertPropSvc - ok
15:03:09.0917 6164 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:03:09.0917 6164 circlass - ok
15:03:09.0933 6164 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:03:09.0933 6164 CLFS - ok
15:03:09.0949 6164 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:03:09.0949 6164 clr_optimization_v2.0.50727_32 - ok
15:03:09.0949 6164 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:03:09.0949 6164 clr_optimization_v2.0.50727_64 - ok
15:03:09.0964 6164 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:03:09.0964 6164 clr_optimization_v4.0.30319_32 - ok
15:03:09.0980 6164 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:03:09.0980 6164 clr_optimization_v4.0.30319_64 - ok
15:03:09.0980 6164 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:03:09.0980 6164 CmBatt - ok
15:03:09.0980 6164 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:03:09.0980 6164 cmdide - ok
15:03:09.0995 6164 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:03:09.0995 6164 CNG - ok
15:03:10.0011 6164 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:03:10.0011 6164 Compbatt - ok
15:03:10.0011 6164 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:03:10.0011 6164 CompositeBus - ok
15:03:10.0011 6164 COMSysApp - ok
15:03:10.0042 6164 cphs (f08c6020e57f5e5bf2fd034db10bedfb) C:\Windows\SysWow64\IntelCpHeciSvc.exe
15:03:10.0042 6164 cphs - ok
15:03:10.0058 6164 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
15:03:10.0058 6164 cpudrv64 - ok
15:03:10.0058 6164 cpuz134 (17719a7f571d4cd08223f0b30f71b8b8) C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys
15:03:10.0058 6164 cpuz134 - ok
15:03:10.0058 6164 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:03:10.0058 6164 crcdisk - ok
15:03:10.0058 6164 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
15:03:10.0058 6164 Creative ALchemy AL6 Licensing Service - ok
15:03:10.0073 6164 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
15:03:10.0073 6164 Creative Audio Engine Licensing Service - ok
15:03:10.0073 6164 Creative Media Toolbox 6 Licensing Service (d03466c36ef0e5c7694ff38b45271d9d) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
15:03:10.0073 6164 Creative Media Toolbox 6 Licensing Service - ok
15:03:10.0073 6164 Crypkey License - ok
15:03:10.0089 6164 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
15:03:10.0089 6164 CryptSvc - ok
15:03:10.0105 6164 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:03:10.0105 6164 CSC - ok
15:03:10.0136 6164 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:03:10.0151 6164 CscService - ok
15:03:10.0151 6164 CT20XUT (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\system32\drivers\CT20XUT.SYS
15:03:10.0151 6164 CT20XUT - ok
15:03:10.0151 6164 CT20XUT.SYS (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\System32\drivers\CT20XUT.SYS
15:03:10.0151 6164 CT20XUT.SYS - ok
15:03:10.0183 6164 ctac32k (397fbd4454e5b2fb77e55d1013df548c) C:\Windows\system32\drivers\ctac32k.sys
15:03:10.0183 6164 ctac32k - ok
15:03:10.0214 6164 ctaud2k (50a8cd4df066fe57d0c473a2645988cc) C:\Windows\system32\drivers\ctaud2k.sys
15:03:10.0214 6164 ctaud2k - ok
15:03:10.0229 6164 CTAudSvcService (5ce3d0e1d1b3832ee052cfc442eee0fa) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
15:03:10.0229 6164 CTAudSvcService - ok
15:03:10.0276 6164 CTEXFIFX (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\system32\drivers\CTEXFIFX.SYS
15:03:10.0292 6164 CTEXFIFX - ok
15:03:10.0370 6164 CTEXFIFX.SYS (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\System32\drivers\CTEXFIFX.SYS
15:03:10.0370 6164 CTEXFIFX.SYS - ok
15:03:10.0401 6164 CTHWIUT (ae78ca7ee865a28ac841211db655acf3) C:\Windows\system32\drivers\CTHWIUT.SYS
15:03:10.0401 6164 CTHWIUT - ok
15:03:10.0401 6164 CTHWIUT.SYS (ae78ca7ee865a28ac841211db655acf3) C:\Windows\System32\drivers\CTHWIUT.SYS
15:03:10.0401 6164 CTHWIUT.SYS - ok
15:03:10.0401 6164 ctprxy2k (757776e207ca5e71e4a16bd1260ae1f2) C:\Windows\system32\drivers\ctprxy2k.sys
15:03:10.0417 6164 ctprxy2k - ok
15:03:10.0417 6164 ctsfm2k (9b111ee2f488a8d9c21a13ed4c777795) C:\Windows\system32\drivers\ctsfm2k.sys
15:03:10.0417 6164 ctsfm2k - ok
15:03:10.0417 6164 danewFltr (003626f7ca17c204f16cd5047af0703a) C:\Windows\system32\drivers\danew.sys
15:03:10.0417 6164 danewFltr - ok
15:03:15.0736 6164 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:03:15.0736 6164 Serial - ok
15:03:15.0736 6164 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:03:15.0736 6164 sermouse - ok
15:03:15.0752 6164 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:03:15.0752 6164 SessionEnv - ok
15:03:15.0752 6164 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:03:15.0752 6164 sffdisk - ok
15:03:15.0752 6164 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:03:15.0752 6164 sffp_mmc - ok
15:03:15.0752 6164 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:03:15.0752 6164 sffp_sd - ok
15:03:15.0752 6164 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:03:15.0752 6164 sfloppy - ok
15:03:15.0767 6164 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:03:15.0767 6164 SharedAccess - ok
15:03:15.0799 6164 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:03:15.0799 6164 ShellHWDetection - ok
15:03:15.0799 6164 simptcp (e9e830d540ededed650f906628468548) C:\Windows\System32\tcpsvcs.exe
15:03:15.0799 6164 simptcp - ok
15:03:15.0799 6164 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:03:15.0799 6164 SiSRaid2 - ok
15:03:15.0799 6164 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:03:15.0799 6164 SiSRaid4 - ok
15:03:15.0814 6164 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:03:15.0814 6164 Smb - ok
15:03:15.0845 6164 SMServer (8e584eb3c3cbb555b34af8c3bf420fb5) C:\Windows\SysWOW64\snmvtsvc.exe
15:03:15.0861 6164 SMServer - ok
15:03:15.0861 6164 SNMP (ca62ae004e98374bf7f082cd765eea02) C:\Windows\System32\snmp.exe
15:03:15.0861 6164 SNMP - ok
15:03:15.0861 6164 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:03:15.0861 6164 SNMPTRAP - ok
15:03:15.0877 6164 softehci (5da8039e58b3a557c6a744e476cdeb7f) C:\Windows\system32\DRIVERS\softehci.sys
15:03:15.0892 6164 softehci - ok
15:03:15.0892 6164 SOFTHIDUSBK (26d2b0ff718219809c0bc3a8b061c6ec) C:\Windows\system32\DRIVERS\SOFTHIDUSBK.SYS
15:03:15.0892 6164 SOFTHIDUSBK - ok
15:03:15.0923 6164 SOFTUSBK (e1702bbe8d31b6edd5c6881c80f123a8) C:\Windows\system32\DRIVERS\SOFTUSBK.SYS
15:03:15.0923 6164 SOFTUSBK - ok
15:03:15.0923 6164 SOFTUSBTESTHUB - ok
15:03:15.0923 6164 SOFTWADP - ok
15:03:15.0923 6164 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:03:15.0923 6164 spldr - ok
15:03:15.0955 6164 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:03:15.0955 6164 Spooler - ok
15:03:16.0111 6164 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:03:16.0126 6164 sppsvc - ok
15:03:16.0173 6164 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:03:16.0173 6164 sppuinotify - ok
15:03:16.0204 6164 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS
15:03:16.0220 6164 SRTSP - ok
15:03:16.0220 6164 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS
15:03:16.0220 6164 SRTSPX - ok
15:03:16.0235 6164 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:03:16.0235 6164 srv - ok
15:03:16.0251 6164 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:03:16.0267 6164 srv2 - ok
15:03:16.0267 6164 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:03:16.0267 6164 srvnet - ok
15:03:16.0282 6164 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:03:16.0282 6164 SSDPSRV - ok
15:03:16.0282 6164 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:03:16.0282 6164 SstpSvc - ok
15:03:16.0298 6164 Steam Client Service - ok
15:03:16.0313 6164 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:03:16.0313 6164 Stereo Service - ok
15:03:16.0313 6164 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:03:16.0313 6164 stexstor - ok
15:03:16.0345 6164 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:03:16.0345 6164 stisvc - ok
15:03:16.0360 6164 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:03:16.0360 6164 storflt - ok
15:03:16.0360 6164 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:03:16.0360 6164 storvsc - ok
15:03:16.0360 6164 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:03:16.0360 6164 swenum - ok
15:03:16.0376 6164 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:03:16.0376 6164 SwitchBoard - ok
15:03:16.0407 6164 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:03:16.0407 6164 swprv - ok
15:03:16.0407 6164 Symantec SymSnap VSS Provider - ok
15:03:16.0423 6164 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
15:03:16.0423 6164 SymDS - ok
15:03:16.0454 6164 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
15:03:16.0454 6164 SymEFA - ok
15:03:16.0469 6164 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:03:16.0469 6164 SymEvent - ok
15:03:16.0469 6164 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS
15:03:16.0469 6164 SymIRON - ok
15:03:16.0485 6164 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS
15:03:16.0485 6164 SymNetS - ok
15:03:16.0485 6164 symsnap (2d9b2746f7dea46d1572b84a06311566) C:\Windows\system32\DRIVERS\symsnap.sys
15:03:16.0501 6164 symsnap - ok
15:03:16.0594 6164 SymSnapService (ea1a479651ca2e0409c29d586c91901d) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
15:03:16.0610 6164 SymSnapService - ok
15:03:16.0781 6164 syncagentsrv (d9c742a07e8c500b9497abddfd118d07) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
15:03:16.0813 6164 syncagentsrv - ok
15:03:16.0844 6164 Synth3dVsc - ok
15:03:16.0891 6164 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:03:16.0906 6164 SysMain - ok
15:03:16.0937 6164 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:03:16.0937 6164 TabletInputService - ok
15:03:16.0953 6164 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:03:16.0953 6164 TapiSrv - ok
15:03:16.0969 6164 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:03:16.0969 6164 TBS - ok
15:03:17.0031 6164 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:03:17.0047 6164 Tcpip - ok
15:03:17.0140 6164 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:03:17.0156 6164 TCPIP6 - ok
15:03:17.0187 6164 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:03:17.0187 6164 tcpipreg - ok
15:03:17.0187 6164 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:03:17.0187 6164 TDPIPE - ok
15:03:17.0234 6164 tdrpman (9c1a823d4e729c965167b6e71e984296) C:\Windows\system32\DRIVERS\tdrpman.sys
15:03:17.0249 6164 tdrpman - ok
15:03:17.0249 6164 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:03:17.0249 6164 TDTCP - ok
15:03:17.0249 6164 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:03:17.0249 6164 tdx - ok
15:03:17.0265 6164 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:03:17.0265 6164 TermDD - ok
15:03:17.0281 6164 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:03:17.0296 6164 TermService - ok
15:03:17.0296 6164 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:03:17.0296 6164 Themes - ok
15:03:17.0296 6164 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:03:17.0296 6164 THREADORDER - ok
15:03:17.0312 6164 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:03:17.0312 6164 TrkWks - ok
15:03:17.0312 6164 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:03:17.0312 6164 TrustedInstaller - ok
15:03:17.0327 6164 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:03:17.0327 6164 tssecsrv - ok
15:03:17.0327 6164 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:03:17.0327 6164 TsUsbFlt - ok
15:03:17.0327 6164 tsusbhub - ok
15:03:17.0343 6164 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:03:17.0343 6164 tunnel - ok
15:03:17.0343 6164 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:03:17.0343 6164 uagp35 - ok
15:03:17.0359 6164 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:03:17.0359 6164 udfs - ok
15:03:17.0359 6164 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:03:17.0359 6164 UI0Detect - ok
15:03:17.0359 6164 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:03:17.0359 6164 uliagpkx - ok
15:03:17.0374 6164 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:03:17.0374 6164 umbus - ok
15:03:17.0374 6164 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:03:17.0374 6164 UmPass - ok
15:03:17.0374 6164 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:03:17.0390 6164 UmRdpService - ok
15:03:17.0390 6164 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys
15:03:17.0390 6164 UnlockerDriver5 - ok
15:03:17.0405 6164 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:03:17.0405 6164 upnphost - ok
15:03:17.0405 6164 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
15:03:17.0405 6164 USBAAPL64 - ok
15:03:17.0405 6164 usbbus - ok
15:03:17.0421 6164 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:03:17.0421 6164 usbccgp - ok
15:03:17.0421 6164 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:03:17.0421 6164 usbcir - ok
15:03:17.0437 6164 UsbDiag - ok
15:03:17.0437 6164 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:03:17.0437 6164 usbehci - ok
15:03:17.0437 6164 usbehci_dsf (dc2b97b8865042fc17c82381ac426d1c) C:\Windows\system32\DRIVERS\usbehci_dsf.sys
15:03:17.0437 6164 usbehci_dsf - ok
15:03:17.0437 6164 UsbGps - ok
15:03:17.0452 6164 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:03:17.0452 6164 usbhub - ok
15:03:17.0452 6164 USBModem - ok
15:03:17.0468 6164 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:03:17.0468 6164 usbohci - ok
15:03:17.0468 6164 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:03:17.0468 6164 usbprint - ok
15:03:17.0468 6164 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:03:17.0468 6164 usbscan - ok
15:03:17.0468 6164 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:03:17.0483 6164 USBSTOR - ok
15:03:17.0483 6164 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:03:17.0483 6164 usbuhci - ok
15:03:17.0483 6164 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:03:17.0483 6164 UxSms - ok
15:03:17.0483 6164 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:03:17.0483 6164 VaultSvc - ok
15:03:17.0483 6164 VDiskBus - ok
15:03:17.0499 6164 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:03:17.0499 6164 vdrvroot - ok
15:03:17.0515 6164 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:03:17.0515 6164 vds - ok
15:03:17.0530 6164 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:03:17.0530 6164 vga - ok
15:03:17.0530 6164 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:03:17.0530 6164 VgaSave - ok
15:03:17.0530 6164 VGPU - ok
15:03:17.0546 6164 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:03:17.0546 6164 vhdmp - ok
15:03:17.0546 6164 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:03:17.0546 6164 viaide - ok
15:03:17.0546 6164 vididr (ee12faffdd1fb13be0d6ef67cb0d1617) C:\Windows\system32\DRIVERS\vididr.sys
15:03:17.0561 6164 vididr - ok
15:03:17.0561 6164 vidsflt61 (2dfd1eb9de564460003de1605a275e8d) C:\Windows\system32\DRIVERS\vsflt61.sys
15:03:17.0561 6164 vidsflt61 - ok
15:03:17.0561 6164 VKbms (3b59bb6d10cf969dbe4db93d9ead7fb4) C:\Windows\system32\DRIVERS\VKbms.sys
15:03:17.0561 6164 VKbms - ok
15:03:17.0577 6164 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:03:17.0577 6164 vmbus - ok
15:03:17.0577 6164 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:03:17.0577 6164 VMBusHID - ok
15:03:17.0593 6164 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:03:17.0593 6164 volmgr - ok
15:03:17.0608 6164 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:03:17.0608 6164 volmgrx - ok
15:03:17.0624 6164 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:03:17.0624 6164 volsnap - ok
15:03:17.0624 6164 VProEventMonitor (8b7454930230db4bc4ba35a467be09aa) C:\Windows\system32\DRIVERS\vproeventmonitor.sys
15:03:17.0624 6164 VProEventMonitor - ok
15:03:17.0639 6164 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:03:17.0639 6164 vsmraid - ok
15:03:17.0702 6164 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:03:17.0717 6164 VSS - ok
15:03:17.0749 6164 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:03:17.0749 6164 vwifibus - ok
15:03:17.0749 6164 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:03:17.0749 6164 vwififlt - ok
15:03:17.0764 6164 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:03:17.0764 6164 W32Time - ok
15:03:17.0780 6164 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:03:17.0780 6164 WacomPen - ok
15:03:17.0780 6164 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:03:17.0780 6164 WANARP - ok
15:03:17.0780 6164 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:03:17.0780 6164 Wanarpv6 - ok
15:03:17.0795 6164 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
15:03:17.0811 6164 WAS - ok
15:03:17.0858 6164 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:03:17.0858 6164 WatAdminSvc - ok
15:03:17.0920 6164 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:03:17.0936 6164 wbengine - ok
15:03:17.0967 6164 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:03:17.0967 6164 WbioSrvc - ok
15:03:17.0983 6164 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:03:17.0983 6164 wcncsvc - ok
15:03:17.0998 6164 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:03:17.0998 6164 WcsPlugInService - ok
15:03:17.0998 6164 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:03:17.0998 6164 Wd - ok
15:03:18.0029 6164 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:03:18.0029 6164 Wdf01000 - ok
15:03:18.0045 6164 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:03:18.0045 6164 WdiServiceHost - ok
15:03:18.0045 6164 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:03:18.0045 6164 WdiSystemHost - ok
15:03:18.0045 6164 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:03:18.0061 6164 WebClient - ok
15:03:18.0061 6164 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:03:18.0061 6164 Wecsvc - ok
15:03:18.0076 6164 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:03:18.0076 6164 wercplsupport - ok
15:03:18.0076 6164 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:03:18.0076 6164 WerSvc - ok
15:03:18.0092 6164 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:03:18.0092 6164 WfpLwf - ok
15:03:18.0092 6164 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
15:03:18.0092 6164 WimFltr - ok
15:03:18.0092 6164 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:03:18.0092 6164 WIMMount - ok
15:03:18.0107 6164 WinDefend - ok
15:03:18.0107 6164 WinHttpAutoProxySvc - ok
15:03:18.0123 6164 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:03:18.0123 6164 Winmgmt - ok
15:03:18.0185 6164 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:03:18.0201 6164 WinRM - ok
15:03:18.0248 6164 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:03:18.0248 6164 WinUsb - ok
15:03:18.0279 6164 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:03:18.0279 6164 Wlansvc - ok
15:03:18.0373 6164 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:03:18.0388 6164 wlidsvc - ok
15:03:18.0419 6164 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:03:18.0419 6164 WmiAcpi - ok
15:03:18.0435 6164 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:03:18.0435 6164 wmiApSrv - ok
15:03:18.0435 6164 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:03:18.0435 6164 WPCSvc - ok
15:03:18.0451 6164 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:03:18.0451 6164 WPDBusEnum - ok
15:03:18.0451 6164 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:03:18.0451 6164 ws2ifsl - ok
15:03:18.0451 6164 WsAudio_DeviceS(1) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
15:03:18.0451 6164 WsAudio_DeviceS(1) - ok
15:03:18.0451 6164 WsAudio_DeviceS(2) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
15:03:18.0451 6164 WsAudio_DeviceS(2) - ok
15:03:18.0466 6164 WsAudio_DeviceS(3) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
15:03:18.0466 6164 WsAudio_DeviceS(3) - ok
15:03:18.0466 6164 WsAudio_DeviceS(4) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
15:03:18.0466 6164 WsAudio_DeviceS(4) - ok
15:03:18.0466 6164 WsAudio_DeviceS(5) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
15:03:18.0466 6164 WsAudio_DeviceS(5) - ok
15:03:18.0466 6164 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:03:18.0466 6164 wscsvc - ok
15:03:18.0482 6164 WSearch - ok
15:03:18.0482 6164 WSOFTUSBK - ok
15:03:18.0560 6164 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:03:18.0575 6164 wuauserv - ok
15:03:18.0607 6164 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:03:18.0607 6164 WudfPf - ok
15:03:18.0622 6164 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:03:18.0622 6164 WUDFRd - ok
15:03:18.0622 6164 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:03:18.0622 6164 wudfsvc - ok
15:03:18.0638 6164 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:03:18.0638 6164 WwanSvc - ok
15:03:18.0653 6164 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:03:18.0653 6164 \Device\Harddisk0\DR0 - ok
15:03:18.0653 6164 MBR (0x1B8) (5f8b5082f3482cc06b72ec5806598ae9) \Device\Harddisk3\DR3
15:03:18.0794 6164 \Device\Harddisk3\DR3 - ok
15:03:18.0794 6164 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk4\DR4
15:03:18.0794 6164 \Device\Harddisk4\DR4 - ok
15:03:18.0794 6164 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
15:03:18.0950 6164 \Device\Harddisk2\DR2 - ok
15:03:18.0981 6164 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
15:03:18.0981 6164 \Device\Harddisk1\DR1 - ok
15:03:18.0981 6164 Boot (0x1200) (1d63eeb4053608ee1229e2c6976abba5) \Device\Harddisk0\DR0\Partition0
15:03:18.0981 6164 \Device\Harddisk0\DR0\Partition0 - ok
15:03:18.0981 6164 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk3\DR3\Partition0
15:03:18.0981 6164 \Device\Harddisk3\DR3\Partition0 - ok
15:03:18.0981 6164 Boot (0x1200) (2d3811ac59fcccd1e3275ebedf6ad53d) \Device\Harddisk3\DR3\Partition1
15:03:18.0981 6164 \Device\Harddisk3\DR3\Partition1 - ok
15:03:18.0981 6164 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk4\DR4\Partition0
15:03:18.0981 6164 \Device\Harddisk4\DR4\Partition0 - ok
15:03:18.0981 6164 Boot (0x1200) (8316cb3eedcfff67ae73dbe5e041f75d) \Device\Harddisk4\DR4\Partition1
15:03:18.0981 6164 \Device\Harddisk4\DR4\Partition1 - ok
15:03:18.0981 6164 Boot (0x1200) (53bb7ea8ba2479100fa49908db609707) \Device\Harddisk2\DR2\Partition0
15:03:18.0981 6164 \Device\Harddisk2\DR2\Partition0 - ok
15:03:18.0981 6164 Boot (0x1200) (90148413ab5a7ceb177b63a5c65b0136) \Device\Harddisk2\DR2\Partition1
15:03:18.0981 6164 \Device\Harddisk2\DR2\Partition1 - ok
15:03:18.0981 6164 Boot (0x1200) (c9f0e91f423192fa7643b390b4651653) \Device\Harddisk1\DR1\Partition0
15:03:18.0997 6164 \Device\Harddisk1\DR1\Partition0 - ok
15:03:18.0997 6164 ============================================================
15:03:18.0997 6164 Scan finished
15:03:18.0997 6164 ============================================================
15:03:18.0997 1888 Detected object count: 0
15:03:18.0997 1888 Actual detected object count: 0
15:03:27.0563 6888 Deinitialize success

=========================================================================================================================================================================================

ComboFix's report (C:\ComboFix.txt):

ComboFix 12-07-12.02 - bj 07/12/2012 15:23:30.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16289.11981 [GMT -6:00]
Running from: c:\users\bj\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\bj\AppData\Roaming\inst.exe
c:\users\bj\AppData\Roaming\Microsoft\Windows\Templates\1028.msi
c:\users\bj\AppData\Roaming\Microsoft\Windows\Templates\1031.msi
c:\users\bj\AppData\Roaming\Microsoft\Windows\Templates\1033.msi
c:\users\bj\AppData\Roaming\Microsoft\Windows\Templates\1036.msi
c:\users\bj\AppData\Roaming\Microsoft\Windows\Templates\1041.msi
c:\users\bj\AppData\Roaming\Microsoft\Windows\Templates\2052.msi
c:\users\bj\AppData\Roaming\vso_ts_preview.xml
c:\windows\Install
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-12 21:13 . 2012-07-12 21:13 -------- d-----w- C:\temp
2012-07-12 18:21 . 2012-07-12 18:21 -------- d-----w- c:\users\bj\AppData\Roaming\AKVIS LLC
2012-07-12 18:10 . 2012-07-12 18:10 -------- d-----w- c:\program files (x86)\AKVIS
2012-07-08 21:00 . 2012-07-08 21:00 -------- d-----w- c:\users\bj\AppData\Roaming\SynthMaker
2012-07-08 21:00 . 2012-07-08 21:00 -------- d-----w- c:\users\bj\AppData\Roaming\Acoustica
2012-07-08 20:59 . 2012-07-08 20:59 -------- d-----w- c:\program files (x86)\VST
2012-07-08 20:57 . 2012-07-08 20:59 -------- d-----w- c:\program files (x86)\Acoustica Mixcraft 6
2012-07-08 20:57 . 2012-07-08 20:59 -------- d-----w- c:\programdata\Acoustica
2012-07-08 18:19 . 2012-07-08 18:22 -------- d-----w- c:\users\bj\AppData\Roaming\Wise Registry Cleaner
2012-07-08 18:19 . 2012-07-08 18:19 -------- d-----w- c:\program files (x86)\Wise
2012-07-08 17:40 . 2012-07-08 17:40 -------- d-----w- C:\adobeTemp
2012-07-08 14:52 . 2012-07-08 14:52 54016 ----a-w- c:\windows\SysWow64\drivers\egqc.sys
2012-07-03 00:23 . 2012-07-03 00:23 -------- d-----w- c:\program files (x86)\Antares Audio Technologies
2012-06-30 05:53 . 2012-06-30 05:53 -------- d-----w- c:\program files (x86)\FLVPlayer
2012-06-19 11:57 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 11:57 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 11:57 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 11:57 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 11:57 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 11:57 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 11:57 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 11:57 . 2012-06-02 21:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 11:57 . 2012-06-02 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 00:00 . 2012-06-19 00:00 -------- d-----w- c:\users\bj\AppData\Local\Pop Art Studio 6.2
2012-06-18 18:40 . 2012-06-18 18:40 -------- d-----w- c:\users\bj\AppData\Roaming\Final Draft
2012-06-18 18:38 . 2009-05-14 16:32 4169728 ----a-r- c:\windows\SysWow64\cdintf400.dll
2012-06-18 18:38 . 2012-06-18 18:39 -------- d-----w- c:\programdata\Final Draft
2012-06-18 18:38 . 2012-06-18 18:38 -------- d-----w- c:\program files (x86)\Final Draft Tagger
2012-06-18 18:38 . 2012-06-18 18:38 -------- d-----w- c:\program files (x86)\Final Draft 8
2012-06-13 22:55 . 2012-06-13 22:55 -------- d-----w- c:\program files\iTunes
2012-06-13 22:55 . 2012-06-13 22:55 -------- d-----w- c:\program files\iPod
2012-06-13 17:01 . 2012-06-13 17:01 -------- d-----w- c:\program files (x86)\My Company Name
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 05:08 . 2012-04-03 06:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 05:08 . 2011-10-16 05:20 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 02:06 . 2012-06-12 20:21 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-12 20:21 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-12 20:21 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-18 01:55 . 2012-06-12 20:21 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-18 01:51 . 2012-06-12 20:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-17 22:45 . 2012-06-12 20:21 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-05-17 22:35 . 2012-06-12 20:21 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-17 22:35 . 2012-06-12 20:21 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29 . 2012-06-12 20:21 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24 . 2012-06-12 20:21 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32 . 2012-06-12 20:00 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:12 . 2012-05-11 14:12 10503680 ----a-w- c:\windows\system32\BCC8_3DObjects_AE.dll
2012-05-11 13:55 . 2012-05-11 13:55 35250688 ----a-w- c:\windows\system32\BCC8_AE_Float.dll
2012-05-11 13:44 . 2012-05-11 13:44 34866176 ----a-w- c:\windows\system32\BCC8_AE_8Bit.dll
2012-05-11 13:33 . 2012-05-11 13:33 34906624 ----a-w- c:\windows\system32\BCC8_AE_16Bit.dll
2012-05-11 13:27 . 2012-05-11 13:27 1027072 ----a-w- c:\windows\system32\BCC8_Common_AE.dll
2012-05-09 18:21 . 2012-04-29 16:50 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-09 18:21 . 2011-10-17 04:52 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-12 20:00 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-12 20:21 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-12 20:00 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 20:00 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-12 20:21 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-01 05:40 . 2012-06-12 20:00 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 05:32 . 2012-06-12 20:00 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:55 . 2012-06-12 20:00 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 20:00 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 20:00 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 20:00 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-12 20:00 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-12 20:00 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-12 20:00 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-12 20:00 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-12 20:00 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-12 20:00 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-19 02:56 . 2012-04-19 02:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 02:56 . 2012-04-19 02:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\bj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\bj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\bj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\bj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-11-14 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-08 43608]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-29 113288]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"PowerPanel Personal Edition User Interaction"="d:\=tools\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2010-08-03 349632]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2009-10-02 2596712]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"FPVCodecPackTrialInfo"="c:\windows\WICCodecs\{A6D092A4-081A-4F0E-9356-DA167E87D922}\FPVCodecPackTrialInfo.exe" [2012-04-29 325352]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2012-01-14 248832]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\users\bj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\bj\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nostromo Loadout Manager.lnk - c:\windows\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe [2011-10-5 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 VDiskBus;ASUS Disk Unlocker;c:\windows\system32\DRIVERS\VDiskBus64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R2 RNX-MiniN111nCU;RNX-MiniN111nCU; [x]
R2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-12-16 5881952]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 ASFLTDrv.sys;ASFLTDrv.sys; [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-09-30 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-09-30 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-10-08 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-08 230488]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-08 95320]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-21 1431888]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2009-09-22 1571336]
R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2011-03-21 745472]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 136176]
R3 HRMACPI;DSF ACPI Redirection Module;c:\windows\system32\DRIVERS\HRMACPI.SYS [x]
R3 HRMINTS;DSF Interrupt Redirection Module;c:\windows\system32\DRIVERS\HRMINTS.SYS [2010-02-09 128504]
R3 HRMPORTS;DSF IO Port Redirection Module;c:\windows\system32\DRIVERS\HRMPORTS.SYS [2010-02-09 148360]
R3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [2010-02-09 28680]
R3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [2010-02-09 196616]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [x]
R3 rtlss;Service for enabling selective suspend to RTL device;c:\windows\system32\Drivers\rtlss.sys [x]
R3 SMServer;SMServer;c:\windows\SysWOW64\snmvtsvc.exe [2011-03-21 243712]
R3 SOFTHIDUSBK;USB HID Layer;c:\windows\system32\DRIVERS\SOFTHIDUSBK.SYS [2010-02-09 206848]
R3 SOFTUSBK;Generic USB device;c:\windows\system32\DRIVERS\SOFTUSBK.SYS [2010-02-09 675328]
R3 SOFTUSBTESTHUB;Generic USB Test Hub;c:\windows\system32\DRIVERS\SOFTUSBTESTHUB.SYS [x]
R3 SOFTWADP;Wireless adapter devices;c:\windows\system32\DRIVERS\SOFTWADP.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-30 1255736]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 29288]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 29288]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 29288]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 29288]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 29288]
R3 WSOFTUSBK;Generic wireless USB device;c:\windows\system32\DRIVERS\WSOFTUSBK.SYS [x]
S0 DSFKSVCS;Kernel Services for DSF;c:\windows\system32\DRIVERS\dsfksvcs.sys [2010-02-09 676232]
S0 dsfroot;root enumerated bus driver;c:\windows\system32\DRIVERS\dsfroot.sys [2010-02-09 35832]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-02-17 133728]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2011-03-14 24880]
S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [2011-03-14 313136]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2011-11-24 1092728]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-02-17 211040]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [2012-02-17 142944]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-04 167048]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\dddskx64.sys [2009-02-12 26024]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120711.001\IDSvia64.sys [2012-06-14 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2011-11-17 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;d:\=tools\Program Files (x86)\FantaMorph5\FantaUp.exe [2010-11-19 224176]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-22 586880]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-01-17 164520]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;d:\=tools\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2012-02-23 66560]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2007-08-14 35328]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-08 230488]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-08 95320]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-03-23 12032]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2011-03-22 34040]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-09-29 328368]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2009-09-22 54320]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-08 1612888]
S3 HRMCFGSPC;DSF General Configuration Space Redirection Module;c:\windows\system32\DRIVERS\HRMCFGSPC.SYS [2010-02-09 133512]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-29 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-29 181248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 softehci;Microsoft USB 2.0 Enhanced Host Controller Interface (EHCI) Simulator Driver;c:\windows\system32\DRIVERS\softehci.sys [2010-02-09 366592]
S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2009-09-22 2963960]
S3 usbehci_dsf;Microsoft DSF-enabled USB 2.0 Enhanced Host Controller Interface (EHCI) Miniport Driver;c:\windows\system32\DRIVERS\usbehci_dsf.sys [2010-02-09 52736]
S3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 05:08]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 04:06]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 04:06]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3288252528-373665740-3723732635-1000Core.job
- c:\users\bj\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 00:55]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3288252528-373665740-3723732635-1000UA.job
- c:\users\bj\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 00:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\bj\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\bj\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\bj\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\bj\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\program files\Boris FX, Inc\Boris RED 5\Documentation\wwhelp\wwhimpl\common\html\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Mipony - file://d:\=tools\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - d:\_tools~1\PROGRA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\bj\AppData\Roaming\Mozilla\Firefox\Profiles\8b85rv59.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
"ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.]
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DSFKSVCS\MofImagePath]
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3288252528-373665740-3723732635-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{48F0B1B3-178B-E663-BFA6-C29142ADCA55}*]
"namkacldboockfaalefaabiiegpe"=hex:6a,61,6f,66,6e,65,6b,6e,65,6e,6a,65,69,65,
68,63,66,69,67,64,00,6f
"gbgmhonehgipepmaaiojdndmddmhhcmnceighahlncanac"=hex:67,61,6e,6d,6e,63,63,6e,
6c,70,64,6f,67,67,00,00
"bbejbpidloglfodniecfmgclejiaiibghlke"=hex:68,62,6f,6b,6b,62,62,6f,6d,70,6f,6f,
65,62,6d,67,6a,62,66,6d,65,70,61,66,6e,65,62,62,64,6a,62,65,62,61,67,66,6e,\
.
[HKEY_USERS\S-1-5-21-3288252528-373665740-3723732635-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C0C616A4-5E45-C26C-00ED-125D4C3AA2AB}*]
"hapbgecnhjgabjkn"=hex:6e,61,70,61,66,62,68,64,63,63,62,69,6e,61,6d,67,69,69,
68,68,6e,6f,64,6c,6c,67,6c,69,00,31
"jaacdekfncjlebnbfpmo"=hex:6f,61,61,62,70,6c,6f,70,67,63,70,6c,61,6f,6b,62,62,
67,62,70,63,6e,68,6f,69,6b,6d,6d,6c,69,00,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:1b,a9,b0,e2,c2,97,a0,9f,8e,15,ed,8b,2a,78,4d,6e,d6,3f,13,f7,41,
70,86,7b,07,18,cd,dd,c0,06,1b,c1,35,8e,c0,73,28,89,78,45,1d,2c,97,c8,f3,d4,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:1b,a9,b0,e2,c2,97,a0,9f,8e,15,ed,8b,2a,78,4d,6e,d6,3f,13,f7,41,
70,86,7b,07,18,cd,dd,c0,06,1b,c1,35,8e,c0,73,28,89,78,45,1d,2c,97,c8,f3,d4,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\windows\system32\crypserv.exe
c:\program files (x86)\Belkin\Nostromo\nost_LM.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\CTXFISPI.EXE
c:\program files (x86)\Norton Ghost\Agent\VProSvc.exe
d:\=tools\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
c:\program files (x86)\Razer\DeathAdder\razertra.exe
c:\program files (x86)\Razer\DeathAdder\razerofa.exe
c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe
.
**************************************************************************
.
Completion time: 2012-07-12 15:29:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-12 21:29
.
Pre-Run: 46,469,816,320 bytes free
Post-Run: 46,247,297,024 bytes free
.
- - End Of File - - 660B880823444ECD0CB09B91EC475867

====================================================================================================================================================================================

Security Check checkup.txt:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Norton Ghost
Wise Registry Cleaner 7.34
Java™ 6 Update 33
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 20% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

=================================================================================================================================================================

P.S. My c: drive is SSD Corsair Force so it never gets defragged, based on manufacturer's recommendation.
D-FRED-BROWN, thank you for your help with this terror.


#4 D-FRED-BROWN

  • Malware Response Team

Posted 12 July 2012 - 10:09 PM

I followed all instructions, including turning off all Norton 360 features but Combofix reported its antispyware still running, no matter what I did within Norton 360v6. Continued with combofix and all other recommended procedures. I AM willing to uninstall Norton entirely to help resolve this problem. Is this what I should do? All requested logs are cited here (and attached to this email):

Sure, go ahead and uninstall Norton 360 as a precautionary measure for now - the last thing we'd want is for it to accidentally conflict with something we're attempting to remove. :wink:

After you've uninstalled it, go ahead and run ComboFix once again. Please post the newly-created log in your next reply, and let me know of any news.

Edited by D-FRED-BROWN, 12 July 2012 - 10:09 PM.


#5 JackRivers

  • Topic Starter


Posted 13 July 2012 - 11:34 AM

Hi D-FRED-BROWN! I did as you said and uninstalled Norton360 v6, then ran the NEW combofix. Log cited below (and attached.)
===========================================================================================================================
2nd-combofix.txt

ComboFix 12-07-13.03 - bj 07/13/2012 10:25:46.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16289.14277 [GMT -6:00]
Running from: c:\users\bj\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 16:28 . 2012-07-13 16:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-13 16:28 . 2012-07-13 16:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 16:28 . 2012-07-13 16:28 -------- d-----w- c:\users\bj\AppData\Local\temp
2012-07-12 22:00 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 21:13 . 2012-07-13 00:49 -------- d-----w- C:\temp
2012-07-12 18:21 . 2012-07-12 18:21 -------- d-----w- c:\users\bj\AppData\Roaming\AKVIS LLC
2012-07-12 18:10 . 2012-07-12 18:10 -------- d-----w- c:\program files (x86)\AKVIS
2012-07-08 21:00 . 2012-07-08 21:00 -------- d-----w- c:\users\bj\AppData\Roaming\SynthMaker
2012-07-08 21:00 . 2012-07-08 21:00 -------- d-----w- c:\users\bj\AppData\Roaming\Acoustica
2012-07-08 20:59 . 2012-07-08 20:59 -------- d-----w- c:\program files (x86)\VST
2012-07-08 20:57 . 2012-07-08 20:59 -------- d-----w- c:\program files (x86)\Acoustica Mixcraft 6
2012-07-08 20:57 . 2012-07-08 20:59 -------- d-----w- c:\programdata\Acoustica
2012-07-08 18:19 . 2012-07-08 18:22 -------- d-----w- c:\users\bj\AppData\Roaming\Wise Registry Cleaner
2012-07-08 18:19 . 2012-07-08 18:19 -------- d-----w- c:\program files (x86)\Wise
2012-07-08 17:40 . 2012-07-08 17:40 -------- d-----w- C:\adobeTemp
2012-07-08 14:52 . 2012-07-08 14:52 54016 ----a-w- c:\windows\SysWow64\drivers\egqc.sys
2012-07-03 00:23 . 2012-07-03 00:23 -------- d-----w- c:\program files (x86)\Antares Audio Technologies
2012-06-30 05:53 . 2012-06-30 05:53 -------- d-----w- c:\program files (x86)\FLVPlayer
2012-06-19 11:57 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 11:57 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 11:57 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 11:57 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 11:57 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 11:57 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 11:57 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 11:57 . 2012-06-02 21:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 11:57 . 2012-06-02 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 00:00 . 2012-06-19 00:00 -------- d-----w- c:\users\bj\AppData\Local\Pop Art Studio 6.2
2012-06-18 18:40 . 2012-06-18 18:40 -------- d-----w- c:\users\bj\AppData\Roaming\Final Draft
2012-06-18 18:38 . 2009-05-14 16:32 4169728 ----a-r- c:\windows\SysWow64\cdintf400.dll
2012-06-18 18:38 . 2012-06-18 18:39 -------- d-----w- c:\programdata\Final Draft
2012-06-18 18:38 . 2012-06-18 18:38 -------- d-----w- c:\program files (x86)\Final Draft Tagger
2012-06-18 18:38 . 2012-06-18 18:38 -------- d-----w- c:\program files (x86)\Final Draft 8
2012-06-13 22:55 . 2012-06-13 22:55 -------- d-----w- c:\program files\iTunes
2012-06-13 22:55 . 2012-06-13 22:55 -------- d-----w- c:\program files\iPod
2012-06-13 17:01 . 2012-06-13 17:01 -------- d-----w- c:\program files (x86)\My Company Name
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 05:08 . 2012-04-03 06:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 05:08 . 2011-10-16 05:20 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-11 14:12 . 2012-05-11 14:12 10503680 ----a-w- c:\windows\system32\BCC8_3DObjects_AE.dll
2012-05-11 13:55 . 2012-05-11 13:55 35250688 ----a-w- c:\windows\system32\BCC8_AE_Float.dll
2012-05-11 13:44 . 2012-05-11 13:44 34866176 ----a-w- c:\windows\system32\BCC8_AE_8Bit.dll
2012-05-11 13:33 . 2012-05-11 13:33 34906624 ----a-w- c:\windows\system32\BCC8_AE_16Bit.dll
2012-05-11 13:27 . 2012-05-11 13:27 1027072 ----a-w- c:\windows\system32\BCC8_Common_AE.dll
2012-05-09 18:21 . 2012-04-29 16:50 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-09 18:21 . 2011-10-17 04:52 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-12 20:00 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-12 20:21 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-12 20:00 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 20:00 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-12 20:21 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-01 05:40 . 2012-06-12 20:00 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 05:32 . 2012-06-12 20:00 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:55 . 2012-06-12 20:00 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 20:00 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 20:00 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 20:00 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-12 20:00 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-12 20:00 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-12 20:00 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-12 20:00 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-12 20:00 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-12 20:00 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-19 02:56 . 2012-04-19 02:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 02:56 . 2012-04-19 02:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-12_21.28.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-12 21:57 . 2012-06-02 04:34 96768 c:\windows\SysWOW64\sspicli.dll
- 2012-01-11 04:56 . 2011-11-17 05:28 96768 c:\windows\SysWOW64\sspicli.dll
+ 2012-07-12 21:57 . 2012-06-02 04:40 22016 c:\windows\SysWOW64\secur32.dll
- 2012-01-11 04:56 . 2011-11-17 05:34 22016 c:\windows\SysWOW64\secur32.dll
- 2012-06-12 20:21 . 2012-05-17 22:25 73216 c:\windows\SysWOW64\mshtmled.dll
+ 2012-07-12 21:58 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll
- 2012-06-12 20:21 . 2012-05-17 22:31 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-07-12 21:58 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-06-12 20:21 . 2012-05-17 22:31 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-07-12 21:58 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2009-07-14 05:10 . 2012-07-13 16:25 56752 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-29 20:20 . 2012-07-13 16:25 30146 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3288252528-373665740-3723732635-1000_UserData.bin
+ 2012-07-12 21:58 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll
- 2012-06-12 20:21 . 2012-05-18 01:51 96768 c:\windows\system32\mshtmled.dll
+ 2012-07-12 21:58 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-06-12 20:21 . 2012-05-18 01:56 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-07-12 21:58 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll
- 2012-06-12 20:21 . 2012-05-18 01:56 85504 c:\windows\system32\jsproxy.dll
- 2012-01-11 04:56 . 2011-11-17 06:49 95600 c:\windows\system32\drivers\ksecdd.sys
+ 2012-07-12 21:57 . 2012-06-02 05:48 95600 c:\windows\system32\drivers\ksecdd.sys
- 2011-09-30 21:09 . 2012-07-12 05:08 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-30 21:09 . 2012-07-13 02:16 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-30 21:09 . 2012-07-12 05:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-30 21:09 . 2012-07-13 02:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-12 05:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-13 02:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-07-13 01:28 83296 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-10-04 21:59 . 2012-07-12 22:00 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-10-04 21:59 . 2012-06-12 20:26 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-10-04 21:59 . 2012-06-12 20:26 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-10-04 21:59 . 2012-07-12 22:00 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2011-10-04 21:59 . 2012-06-12 20:26 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-10-04 21:59 . 2012-07-12 22:00 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-07-20 12:28 . 2011-07-20 12:28 54104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\SCANOST.EXE
+ 2011-07-20 12:28 . 2011-07-20 12:28 75624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\RM.DLL
+ 2011-07-20 12:28 . 2011-07-20 12:28 38248 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\RECALL.DLL
+ 2011-05-27 02:18 . 2011-05-27 02:18 52088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLVBA.DLL
+ 2011-07-20 12:28 . 2011-07-20 12:28 34208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\DUMPSTER.DLL
- 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\SysWOW64\msxml3r.dll
+ 2012-07-12 21:57 . 2010-06-26 03:24 2048 c:\windows\SysWOW64\msxml3r.dll
+ 2012-07-12 21:57 . 2010-06-26 03:55 2048 c:\windows\system32\msxml3r.dll
- 2009-07-14 00:41 . 2009-07-14 01:30 2048 c:\windows\system32\msxml3r.dll
+ 2012-07-13 16:23 . 2012-07-13 16:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-12 21:28 . 2012-07-12 21:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-13 16:23 . 2012-07-13 16:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-12 20:21 . 2012-05-17 22:33 231936 c:\windows\SysWOW64\url.dll
+ 2012-07-12 21:58 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll
+ 2012-07-12 21:57 . 2012-06-02 04:40 225280 c:\windows\SysWOW64\schannel.dll
- 2009-07-13 23:33 . 2009-07-14 01:16 219136 c:\windows\SysWOW64\ncrypt.dll
+ 2012-07-12 21:57 . 2012-06-02 04:39 219136 c:\windows\SysWOW64\ncrypt.dll
- 2012-06-12 20:21 . 2012-05-17 22:29 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-07-12 21:58 . 2012-06-02 08:19 716800 c:\windows\SysWOW64\jscript.dll
- 2012-06-12 20:21 . 2012-05-17 22:29 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-07-12 21:58 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2012-06-12 20:21 . 2012-05-17 22:20 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-07-12 21:58 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll
- 2011-10-03 19:29 . 2010-11-20 10:18 805376 c:\windows\SysWOW64\cdosys.dll
+ 2012-07-12 21:57 . 2012-06-06 05:03 805376 c:\windows\SysWOW64\cdosys.dll
+ 2011-09-29 20:20 . 2012-07-13 01:27 169362 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2012-06-12 20:21 . 2012-05-18 01:58 237056 c:\windows\system32\url.dll
+ 2012-07-12 21:58 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll
- 2012-01-11 04:56 . 2011-11-17 06:35 340992 c:\windows\system32\schannel.dll
+ 2012-07-12 21:57 . 2012-06-02 05:45 340992 c:\windows\system32\schannel.dll
+ 2009-07-14 02:36 . 2012-07-13 16:28 692820 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-10 18:51 692820 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-13 16:28 133948 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-10 18:51 133948 c:\windows\system32\perfc009.dat
- 2009-07-13 23:49 . 2009-07-14 01:41 307200 c:\windows\system32\ncrypt.dll
+ 2012-07-12 21:57 . 2012-06-02 05:44 307200 c:\windows\system32\ncrypt.dll
- 2012-06-12 20:21 . 2012-05-18 01:55 818688 c:\windows\system32\jscript.dll
+ 2012-07-12 21:58 . 2012-06-02 12:00 818688 c:\windows\system32\jscript.dll
- 2012-06-12 20:21 . 2012-05-18 01:55 173056 c:\windows\system32\ieUnatt.exe
+ 2012-07-12 21:58 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe
+ 2012-07-12 21:58 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll
- 2012-06-12 20:21 . 2012-05-18 01:47 248320 c:\windows\system32\ieui.dll
+ 2012-07-12 21:57 . 2012-06-02 05:48 151920 c:\windows\system32\drivers\ksecpkg.sys
+ 2012-07-12 21:57 . 2012-06-02 05:50 458704 c:\windows\system32\drivers\cng.sys
- 2009-07-14 05:01 . 2012-07-12 21:27 417404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-13 16:22 417404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-10-04 21:59 . 2012-06-12 20:26 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-10-04 21:59 . 2012-07-12 22:00 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-10-04 21:59 . 2012-06-12 20:26 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-10-04 21:59 . 2012-07-12 22:00 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2011-10-04 21:59 . 2012-06-12 20:26 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-10-04 21:59 . 2012-07-12 22:00 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-10-04 21:59 . 2012-07-12 22:00 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2011-10-04 21:59 . 2012-06-12 20:26 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-10-04 21:59 . 2012-07-12 22:00 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2011-10-04 21:59 . 2012-06-12 20:26 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2011-10-04 21:59 . 2012-07-12 22:00 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2011-10-04 21:59 . 2012-06-12 20:26 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2011-10-04 21:59 . 2012-06-12 20:26 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-10-04 21:59 . 2012-07-12 22:00 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-07-20 12:28 . 2011-07-20 12:28 282032 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\SCNPST64.DLL
+ 2011-07-20 12:28 . 2011-07-20 12:28 273832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\SCNPST32.DLL
+ 2011-07-20 12:28 . 2011-07-20 12:28 421736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\PSTPRX32.DLL
+ 2011-07-27 10:55 . 2011-07-27 10:55 596888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLMIME.DLL
+ 2011-05-27 02:18 . 2011-05-27 02:18 136536 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLCTL.DLL
+ 2011-07-27 12:03 . 2011-07-27 12:03 194448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OMSXP32.DLL
+ 2011-07-27 12:03 . 2011-07-27 12:03 661888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OMSMAIN.DLL
+ 2011-07-20 12:28 . 2011-07-20 12:28 340320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MIMEDIR.DLL
+ 2011-07-20 12:28 . 2011-07-20 12:28 138088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IMPMAIL.DLL
+ 2011-05-27 02:18 . 2011-05-27 02:18 115584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\EMABLT32.DLL
+ 2011-07-27 10:55 . 2011-07-27 10:55 128376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\CONTAB32.DLL
- 2012-06-12 20:21 . 2012-05-17 22:35 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-07-12 21:58 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-07-12 21:58 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll
- 2012-06-12 20:21 . 2012-05-17 22:36 1103872 c:\windows\SysWOW64\urlmon.dll
+ 2012-07-12 21:57 . 2012-06-06 05:05 1390080 c:\windows\SysWOW64\msxml6.dll
- 2011-10-03 19:29 . 2010-11-20 10:19 1390080 c:\windows\SysWOW64\msxml6.dll
- 2011-10-03 19:29 . 2010-11-20 10:19 1236992 c:\windows\SysWOW64\msxml3.dll
+ 2012-07-12 21:57 . 2012-06-06 05:05 1236992 c:\windows\SysWOW64\msxml3.dll
+ 2012-07-12 21:58 . 2012-06-02 08:33 1800192 c:\windows\SysWOW64\jscript9.dll
- 2012-06-12 20:21 . 2012-05-17 22:45 1800192 c:\windows\SysWOW64\jscript9.dll
- 2012-06-12 20:21 . 2012-05-17 22:27 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-07-12 21:58 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-07-12 21:58 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll
- 2012-06-12 20:21 . 2012-05-17 22:48 9737728 c:\windows\SysWOW64\ieframe.dll
+ 2012-07-12 21:58 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll
- 2012-06-12 20:21 . 2012-05-18 01:59 1392128 c:\windows\system32\wininet.dll
+ 2012-07-12 21:58 . 2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll
- 2012-06-12 20:21 . 2012-05-18 01:59 1346048 c:\windows\system32\urlmon.dll
- 2011-10-03 19:29 . 2010-11-20 11:27 2004480 c:\windows\system32\msxml6.dll
+ 2012-07-12 21:57 . 2012-06-06 06:06 2004480 c:\windows\system32\msxml6.dll
+ 2012-07-12 21:57 . 2012-06-06 06:06 1881600 c:\windows\system32\msxml3.dll
+ 2012-07-12 21:58 . 2012-06-02 12:12 2311680 c:\windows\system32\jscript9.dll
- 2012-06-12 20:21 . 2012-05-18 02:06 2311680 c:\windows\system32\jscript9.dll
+ 2012-07-12 21:58 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll
- 2012-06-12 20:21 . 2012-05-18 01:54 2144768 c:\windows\system32\iertutil.dll
- 2011-10-27 13:25 . 2012-07-08 22:14 4934056 c:\windows\system32\FNTCACHE.DAT
+ 2011-10-27 13:25 . 2012-07-13 01:25 4934056 c:\windows\system32\FNTCACHE.DAT
- 2011-10-03 19:29 . 2010-11-20 11:25 1133568 c:\windows\system32\cdosys.dll
+ 2012-07-12 21:57 . 2012-06-06 06:02 1133568 c:\windows\system32\cdosys.dll
+ 2009-07-14 04:45 . 2012-07-13 01:28 5829347 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-21 06:33 5829347 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-05-30 13:18 . 2012-05-30 13:18 1739264 c:\windows\Installer\1b6da5.msp
+ 2012-06-19 18:54 . 2012-06-19 18:54 2239488 c:\windows\Installer\1b6d98.msp
+ 2012-06-19 18:54 . 2012-06-19 18:54 5009920 c:\windows\Installer\1b6d7e.msp
+ 2012-04-05 04:37 . 2012-04-05 04:37 2540544 c:\windows\Installer\1b6d64.msp
+ 2012-04-05 04:37 . 2012-04-05 04:37 3149824 c:\windows\Installer\1b6d4a.msp
+ 2011-10-04 21:59 . 2012-07-12 22:00 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-10-04 21:59 . 2012-06-12 20:26 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-10-04 21:59 . 2012-06-12 20:26 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-10-04 21:59 . 2012-07-12 22:00 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-07-27 10:55 . 2011-07-27 10:55 3004800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OLMAPI32.DLL
+ 2011-07-27 11:09 . 2011-07-27 11:09 5310848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPEDITOR.DLL
+ 2012-07-12 21:57 . 2012-06-09 04:41 12873728 c:\windows\SysWOW64\shell32.dll
- 2012-06-12 20:21 . 2012-05-17 23:11 12314624 c:\windows\SysWOW64\mshtml.dll
+ 2012-07-12 21:58 . 2012-06-02 09:07 12314624 c:\windows\SysWOW64\mshtml.dll
- 2009-07-14 02:34 . 2012-06-19 12:08 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-07-13 01:24 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-07-12 21:57 . 2012-06-09 05:43 14172672 c:\windows\system32\shell32.dll
- 2012-02-14 22:03 . 2012-01-04 10:44 14172672 c:\windows\system32\shell32.dll
- 2012-06-12 20:21 . 2012-05-18 02:47 17807360 c:\windows\system32\mshtml.dll
+ 2012-07-12 21:58 . 2012-06-02 12:49 17807360 c:\windows\system32\mshtml.dll
+ 2011-09-29 20:11 . 2012-07-12 21:58 59701280 c:\windows\system32\MRT.exe
+ 2012-07-12 21:58 . 2012-06-02 12:17 10924032 c:\windows\system32\ieframe.dll
- 2012-06-12 20:21 . 2012-05-18 02:16 10924032 c:\windows\system32\ieframe.dll
+ 2011-09-30 05:25 . 2012-07-13 16:22 48983956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3288252528-373665740-3723732635-1000-12288.dat
+ 2012-05-30 13:18 . 2012-05-30 13:18 11885056 c:\windows\Installer\1b6dd8.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\bj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\bj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\bj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\bj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-11-14 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-08 43608]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-29 113288]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"PowerPanel Personal Edition User Interaction"="d:\=tools\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2010-08-03 349632]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2009-10-02 2596712]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"FPVCodecPackTrialInfo"="c:\windows\WICCodecs\{A6D092A4-081A-4F0E-9356-DA167E87D922}\FPVCodecPackTrialInfo.exe" [2012-04-29 325352]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2012-01-14 248832]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\users\bj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\bj\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nostromo Loadout Manager.lnk - c:\windows\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe [2011-10-5 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
[BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 VDiskBus;ASUS Disk Unlocker;c:\windows\system32\DRIVERS\VDiskBus64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 136176]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;d:\=tools\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
R2 RNX-MiniN111nCU;RNX-MiniN111nCU; [x]
R2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-12-16 5881952]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 ASFLTDrv.sys;ASFLTDrv.sys; [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-09-30 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-09-30 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-10-08 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-08 230488]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-08 95320]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-21 1431888]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2009-09-22 1571336]
R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2011-03-21 745472]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 136176]
R3 HRMACPI;DSF ACPI Redirection Module;c:\windows\system32\DRIVERS\HRMACPI.SYS [x]
R3 HRMINTS;DSF Interrupt Redirection Module;c:\windows\system32\DRIVERS\HRMINTS.SYS [2010-02-09 128504]
R3 HRMPORTS;DSF IO Port Redirection Module;c:\windows\system32\DRIVERS\HRMPORTS.SYS [2010-02-09 148360]
R3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [2010-02-09 28680]
R3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [2010-02-09 196616]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [x]
R3 rtlss;Service for enabling selective suspend to RTL device;c:\windows\system32\Drivers\rtlss.sys [x]
R3 SMServer;SMServer;c:\windows\SysWOW64\snmvtsvc.exe [2011-03-21 243712]
R3 SOFTHIDUSBK;USB HID Layer;c:\windows\system32\DRIVERS\SOFTHIDUSBK.SYS [2010-02-09 206848]
R3 SOFTUSBK;Generic USB device;c:\windows\system32\DRIVERS\SOFTUSBK.SYS [2010-02-09 675328]
R3 SOFTUSBTESTHUB;Generic USB Test Hub;c:\windows\system32\DRIVERS\SOFTUSBTESTHUB.SYS [x]
R3 SOFTWADP;Wireless adapter devices;c:\windows\system32\DRIVERS\SOFTWADP.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-30 1255736]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 29288]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 29288]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 29288]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 29288]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 29288]
R3 WSOFTUSBK;Generic wireless USB device;c:\windows\system32\DRIVERS\WSOFTUSBK.SYS [x]
S0 DSFKSVCS;Kernel Services for DSF;c:\windows\system32\DRIVERS\dsfksvcs.sys [2010-02-09 676232]
S0 dsfroot;root enumerated bus driver;c:\windows\system32\DRIVERS\dsfroot.sys [2010-02-09 35832]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-02-17 133728]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2011-03-14 24880]
S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [2011-03-14 313136]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-02-17 211040]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [2012-02-17 142944]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\dddskx64.sys [2009-02-12 26024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;d:\=tools\Program Files (x86)\FantaMorph5\FantaUp.exe [2010-11-19 224176]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-22 586880]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-01-17 164520]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2012-02-23 66560]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2007-08-14 35328]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-08 230488]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-08 95320]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-03-23 12032]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2011-03-22 34040]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-09-29 328368]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2009-09-22 54320]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-08 1612888]
S3 HRMCFGSPC;DSF General Configuration Space Redirection Module;c:\windows\system32\DRIVERS\HRMCFGSPC.SYS [2010-02-09 133512]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-29 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-29 181248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 softehci;Microsoft USB 2.0 Enhanced Host Controller Interface (EHCI) Simulator Driver;c:\windows\system32\DRIVERS\softehci.sys [2010-02-09 366592]
S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2009-09-22 2963960]
S3 usbehci_dsf;Microsoft DSF-enabled USB 2.0 Enhanced Host Controller Interface (EHCI) Miniport Driver;c:\windows\system32\DRIVERS\usbehci_dsf.sys [2010-02-09 52736]
S3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 05:08]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 04:06]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 04:06]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3288252528-373665740-3723732635-1000Core.job
- c:\users\bj\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 00:55]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3288252528-373665740-3723732635-1000UA.job
- c:\users\bj\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 00:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\bj\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\bj\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\bj\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\bj\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\program files\Boris FX, Inc\Boris RED 5\Documentation\wwhelp\wwhimpl\common\html\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Mipony - file://d:\=tools\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - d:\_tools~1\PROGRA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\bj\AppData\Roaming\Mozilla\Firefox\Profiles\8b85rv59.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
.
.
"ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DSFKSVCS\MofImagePath]
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3288252528-373665740-3723732635-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{48F0B1B3-178B-E663-BFA6-C29142ADCA55}*]
"namkacldboockfaalefaabiiegpe"=hex:6a,61,6f,66,6e,65,6b,6e,65,6e,6a,65,69,65,
68,63,66,69,67,64,00,6f
"gbgmhonehgipepmaaiojdndmddmhhcmnceighahlncanac"=hex:67,61,6e,6d,6e,63,63,6e,
6c,70,64,6f,67,67,00,00
"bbejbpidloglfodniecfmgclejiaiibghlke"=hex:68,62,6f,6b,6b,62,62,6f,6d,70,6f,6f,
65,62,6d,67,6a,62,66,6d,65,70,61,66,6e,65,62,62,64,6a,62,65,62,61,67,66,6e,\
.
[HKEY_USERS\S-1-5-21-3288252528-373665740-3723732635-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C0C616A4-5E45-C26C-00ED-125D4C3AA2AB}*]
"hapbgecnhjgabjkn"=hex:6e,61,70,61,66,62,68,64,63,63,62,69,6e,61,6d,67,69,69,
68,68,6e,6f,64,6c,6c,67,6c,69,00,31
"jaacdekfncjlebnbfpmo"=hex:6f,61,61,62,70,6c,6f,70,67,63,70,6c,61,6f,6b,62,62,
67,62,70,63,6e,68,6f,69,6b,6d,6d,6c,69,00,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:1b,a9,b0,e2,c2,97,a0,9f,8e,15,ed,8b,2a,78,4d,6e,d6,3f,13,f7,41,
70,86,7b,07,18,cd,dd,c0,06,1b,c1,35,8e,c0,73,28,89,78,45,1d,2c,97,c8,f3,d4,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{03223D4D-1B28-4325-9A96-9C5A4C8EA8BC}*]
@=hex:3e,b3,c9,76,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{11D741B8-DD31-4707-B06A-7A68E3D84884}*]
@=hex:56,24,9d,76,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{1A493EAC-93D3-4646-B911-4697A475FF4B}*]
@=hex:a8,b6,fb,78,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{20EF7B60-CE85-4048-A409-02CB203268EE}*]
@=hex:4a,6a,af,78,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{242E582C-66A8-478C-8BCA-0AF9F1D38D39}*]
@=hex:b3,28,7a,78,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{29638F0C-042B-4B50-A2D2-8E8E7CA71E4F}*]
@=hex:77,88,ee,77,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3B84C2D7-708C-48EF-8ED7-0C5FC0F030C6}*]
@=hex:eb,3c,ab,77,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3B8C523D-E999-4C87-BB58-E03B7F5C67F8}*]
@=hex:eb,a9,51,77,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3D619A54-A36D-4F10-8380-B598CA94D916}*]
@=hex:0d,2f,e3,76,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:1b,3a,16,7b,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{787E3340-6D04-4BF3-BCC2-2AD3630471CE}*]
@=hex:a4,b6,8f,76,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{861F5797-5F25-43E6-9510-527D056BC13C}*]
@=hex:03,bd,64,77,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{92561398-2ED8-42AF-86E2-66FA8E9DC46E}*]
@=hex:ff,6c,0e,78,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:a1,63,31,7b,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:95,70,47,77,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{B67DA794-42D6-4DFE-AE29-0334338228C9}*]
@=hex:a3,7f,fe,76,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@=hex:c3,a2,4b,7b,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C514227C-0AF4-44BB-816A-E9483A4302C9}*]
@=hex:1e,5d,4e,78,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C55AC07F-5B51-486C-811A-750184298D58}*]
@=hex:93,28,d8,78,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C7A40493-BF23-4B53-AB2A-4A923B3EE34B}*]
@=hex:3f,01,28,77,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{E14E55A7-29C8-4389-8E5A-3EF964510FCA}*]
@=hex:d8,c6,d0,77,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{F5E30566-7C8F-4037-A8FF-A7382E251C56}*]
@=hex:a0,e9,30,78,c8,32,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:1b,a9,b0,e2,c2,97,a0,9f,8e,15,ed,8b,2a,78,4d,6e,d6,3f,13,f7,41,
70,86,7b,07,18,cd,dd,c0,06,1b,c1,35,8e,c0,73,28,89,78,45,1d,2c,97,c8,f3,d4,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-13 10:29:34
ComboFix-quarantined-files.txt 2012-07-13 16:29
ComboFix2.txt 2012-07-12 21:29
.
Pre-Run: 45,894,934,528 bytes free
Post-Run: 45,603,913,728 bytes free
.
- - End Of File - - 4D08B580A50C9ECD5EBDE614BAA753AE
===========================================================================================


Edited by JackRivers, 13 July 2012 - 11:35 AM.


#6 D-FRED-BROWN

  • Malware Response Team

Posted 13 July 2012 - 01:49 PM

We have some more searching to do:

Please download Malwarebytes' Anti-Malware to your Desktop
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a location you will remember.
  • Copy and Paste that log into your next reply.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK for either of the prompts and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Edited by D-FRED-BROWN, 13 July 2012 - 01:49 PM.

Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!

#7 JackRivers

  • Topic Starter

Posted 13 July 2012 - 02:45 PM

Here's MBAM log:
=========================================================

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.13.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
bj :: MANTIS [administrator]

Protection: Disabled

7/13/2012 1:43:48 PM
mbam-log-2012-07-13 (13-43-48).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 199361
Time elapsed: 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 D-FRED-BROWN

  • Malware Response Team

Posted 14 July 2012 - 11:54 AM

Please do the following:
  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double-click aswMBR.exe to start the tool. (Vista/Windows 7: right-click and select Run as Administrator.)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

Note: you can opt out of the optional Avast! antivirus scan.

Edited by D-FRED-BROWN, 14 July 2012 - 11:54 AM.


#9 JackRivers

  • Topic Starter

Posted 14 July 2012 - 12:06 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-14 11:00:00
-----------------------------
11:00:00.888 OS Version: Windows x64 6.1.7601 Service Pack 1
11:00:00.888 Number of processors: 8 586 0x2A07
11:00:00.888 ComputerName: MANTIS UserName: bj
11:00:01.122 Initialize success
11:01:09.499 AVAST engine defs: 12071401
11:01:31.386 Disk 0 \Device\Harddisk0\DR0 -> \Device\Scsi\JRAID1Port0Path0Target0Lun0
11:01:31.386 Disk 0 Vendor: ________ CC83 Size: 953869MB BusType: 8
11:01:31.386 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
11:01:31.386 Disk 1 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 11
11:01:31.386 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
11:01:31.386 Disk 2 Vendor: Corsair_Force_GT 1.3 Size: 114473MB BusType: 11
11:01:31.386 Disk 3 \Device\Harddisk3\DR3 -> \Device\00000082
11:01:31.386 Disk 3 Vendor: ST330006 CC45 Size: 2861588MB BusType: 11
11:01:31.386 Disk 4 \Device\Harddisk4\DR4 -> \Device\00000083
11:01:31.386 Disk 4 Vendor: ST330006 CC45 Size: 2861588MB BusType: 11
11:01:31.386 Disk 2 MBR read successfully
11:01:31.386 Disk 2 MBR scan
11:01:31.386 Disk 2 Windows 7 default MBR code
11:01:31.402 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:01:31.402 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
11:01:31.402 Disk 2 scanning C:\Windows\system32\drivers
11:01:33.617 Service scanning
11:01:39.405 Modules scanning
11:01:39.405 Disk 2 trace - called modules:
11:01:39.405 ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt61.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
11:01:39.405 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa800e7e6060]
11:01:39.405 3 CLASSPNP.SYS[fffff880021cb43f] -> nt!IofCallDriver -> [0xfffffa800e6e58a0]
11:01:39.405 5 vsflt61.sys[fffff880011720fd] -> nt!IofCallDriver -> [0xfffffa800d42fe40]
11:01:39.420 7 ACPI.sys[fffff880010c17a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800d41b060]
11:01:39.561 AVAST engine scan C:\Windows
11:01:40.044 AVAST engine scan C:\Windows\system32
11:02:21.864 AVAST engine scan C:\Windows\system32\drivers
11:02:25.483 AVAST engine scan C:\Users\bj
11:03:39.599 AVAST engine scan C:\ProgramData
11:04:11.735 Scan finished successfully
11:04:33.809 Disk 2 MBR has been saved successfully to "C:\Users\bj\Desktop\MBR.dat"
11:04:33.809 The log file has been saved successfully to "C:\Users\bj\Desktop\aswMBR.txt"

Attached Files

  • Attached File: MBR.zip (601 bytes)


#10 D-FRED-BROWN

  • Malware Response Team

Posted 14 July 2012 - 02:48 PM

We've got some more digging to do it seems. Please do the following:

----------Step 1----------------
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


----------Step 2----------------
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

----------Step 3----------------
Please post both MiniToolBox report (Result.txt) as well as the ESET scan results in your next reply.

#11 JackRivers

  • Topic Starter

Posted 14 July 2012 - 08:52 PM

D-FRED-BROWN!
Thanks for your help. Before running ESET online scanner I turned off the Windows Defender and Windows Firewall which had turned themselves on automatically, apparently when I removed Norton 360v6 at your request.

MiniToolBox results file attached: result.txt

ESET crashed on my fifth local hard drive after scanning over 1.5 million files.
ESET screenshot before crash is attached: threats-found.jpg
(3 threats found, only on C: and D:)
ESET first time run log is attached as log1.txt

Crash details file is attached: crash.txt

Reran ESET to scan only drives C: and D:, the ones with OS and programs on them.
Second run log is attached as log2.txt

Getting deep, eh?


#12 D-FRED-BROWN

  • Malware Response Team

Posted 15 July 2012 - 05:21 PM

I think we're on the right track now.

We have some more manual fixing to do. We'll use ComboFix for that.

----------Step 1----------------
Please download ATF Cleaner
Save it to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

----------Step 2----------------
Before we do anything else, it's important that you back up your Registry with ERUNT
  • Please go here, scroll down to ERUNT, and download.
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to back up your Registry to the folder of your choice.

Note: To restore your Registry, go to the folder and start ERDNT.exe


----------Step 3----------------
Next, please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

KILLALL::

RegNull::
[HKEY_USERS\S-1-5-21-3288252528-373665740-3723732635-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{48F0B1B3-178B-E663-BFA6-C29142ADCA55}*]
[HKEY_USERS\S-1-5-21-3288252528-373665740-3723732635-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C0C616A4-5E45-C26C-00ED-125D4C3AA2AB}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{03223D4D-1B28-4325-9A96-9C5A4C8EA8BC}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{11D741B8-DD31-4707-B06A-7A68E3D84884}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{1A493EAC-93D3-4646-B911-4697A475FF4B}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{20EF7B60-CE85-4048-A409-02CB203268EE}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{242E582C-66A8-478C-8BCA-0AF9F1D38D39}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{29638F0C-042B-4B50-A2D2-8E8E7CA71E4F}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3B84C2D7-708C-48EF-8ED7-0C5FC0F030C6}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3B8C523D-E999-4C87-BB58-E03B7F5C67F8}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3D619A54-A36D-4F10-8380-B598CA94D916}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{787E3340-6D04-4BF3-BCC2-2AD3630471CE}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{861F5797-5F25-43E6-9510-527D056BC13C}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{92561398-2ED8-42AF-86E2-66FA8E9DC46E}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{B67DA794-42D6-4DFE-AE29-0334338228C9}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C514227C-0AF4-44BB-816A-E9483A4302C9}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C55AC07F-5B51-486C-811A-750184298D58}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C7A40493-BF23-4B53-AB2A-4A923B3EE34B}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{E14E55A7-29C8-4389-8E5A-3EF964510FCA}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{F5E30566-7C8F-4037-A8FF-A7382E251C56}*]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_USERS\S-1-5-21-3288252528-373665740-3723732635-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{48F0B1B3-178B-E663-BFA6-C29142ADCA55}]
[HKEY_USERS\S-1-5-21-3288252528-373665740-3723732635-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C0C616A4-5E45-C26C-00ED-125D4C3AA2AB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{03223D4D-1B28-4325-9A96-9C5A4C8EA8BC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{11D741B8-DD31-4707-B06A-7A68E3D84884}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{1A493EAC-93D3-4646-B911-4697A475FF4B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{20EF7B60-CE85-4048-A409-02CB203268EE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{242E582C-66A8-478C-8BCA-0AF9F1D38D39}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{29638F0C-042B-4B50-A2D2-8E8E7CA71E4F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3B84C2D7-708C-48EF-8ED7-0C5FC0F030C6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3B8C523D-E999-4C87-BB58-E03B7F5C67F8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3D619A54-A36D-4F10-8380-B598CA94D916}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{787E3340-6D04-4BF3-BCC2-2AD3630471CE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{861F5797-5F25-43E6-9510-527D056BC13C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{92561398-2ED8-42AF-86E2-66FA8E9DC46E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{B67DA794-42D6-4DFE-AE29-0334338228C9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C514227C-0AF4-44BB-816A-E9483A4302C9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C55AC07F-5B51-486C-811A-750184298D58}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C7A40493-BF23-4B53-AB2A-4A923B3EE34B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{E14E55A7-29C8-4389-8E5A-3EF964510FCA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{F5E30566-7C8F-4037-A8FF-A7382E251C56}]

Registry::
[-HKEY_USERS\S-1-5-21-3288252528-373665740-3723732635-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{48F0B1B3-178B-E663-BFA6-C29142ADCA55}]
[-HKEY_USERS\S-1-5-21-3288252528-373665740-3723732635-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C0C616A4-5E45-C26C-00ED-125D4C3AA2AB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{03223D4D-1B28-4325-9A96-9C5A4C8EA8BC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{11D741B8-DD31-4707-B06A-7A68E3D84884}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{1A493EAC-93D3-4646-B911-4697A475FF4B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{20EF7B60-CE85-4048-A409-02CB203268EE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{242E582C-66A8-478C-8BCA-0AF9F1D38D39}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{29638F0C-042B-4B50-A2D2-8E8E7CA71E4F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3B84C2D7-708C-48EF-8ED7-0C5FC0F030C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3B8C523D-E999-4C87-BB58-E03B7F5C67F8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{3D619A54-A36D-4F10-8380-B598CA94D916}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{787E3340-6D04-4BF3-BCC2-2AD3630471CE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{861F5797-5F25-43E6-9510-527D056BC13C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{92561398-2ED8-42AF-86E2-66FA8E9DC46E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{B67DA794-42D6-4DFE-AE29-0334338228C9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C514227C-0AF4-44BB-816A-E9483A4302C9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C55AC07F-5B51-486C-811A-750184298D58}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C7A40493-BF23-4B53-AB2A-4A923B3EE34B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{E14E55A7-29C8-4389-8E5A-3EF964510FCA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{F5E30566-7C8F-4037-A8FF-A7382E251C56}]

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!
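
An added example, not part of the original post and not ComboFix's own code: a small Python audit that can be run over CFScript.txt before it is dragged onto ComboFix.exe, listing which keys the Registry:: section deletes and which RegLock:: / RegNull:: entries have no matching deletion. The reading of the directives ([-key] deletes a key, * marks the position of an embedded null) and the shortened SAMPLE_CFSCRIPT are assumptions made for this example.

```python
import re

# Constructed sample: a shortened CFScript in the layout of the one in the post,
# built from a handful of its keys. The last deletion deliberately has no
# RegLock:: or RegNull:: entry here, so the audit has something to flag.
SAMPLE_CFSCRIPT = r"""KILLALL::

RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{03223D4D-1B28-4325-9A96-9C5A4C8EA8BC}*]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{03223D4D-1B28-4325-9A96-9C5A4C8EA8BC}]

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{03223D4D-1B28-4325-9A96-9C5A4C8EA8BC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{11D741B8-DD31-4707-B06A-7A68E3D84884}]

Reboot::
"""

SECTION_RE = re.compile(r"^([A-Za-z0-9]+)::\s*$")   # e.g. "RegLock::"
KEY_RE = re.compile(r"^\[(-?)(.+)\]\s*$")            # "[key]" or "[-key]"


def parse_cfscript(text):
    """Return (directive order, {directive: [non-empty lines under it]})."""
    order, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            if current not in sections:
                sections[current] = []
                order.append(current)
            continue
        if current is None:
            raise ValueError("content before the first directive: %r" % line)
        sections[current].append(line)
    return order, sections


def _key(line):
    """Return (is_delete, lower-cased key path) for a bracketed line, else None."""
    match = KEY_RE.match(line)
    if not match:
        return None  # value lines in regedit-style sections are not keys
    return match.group(1) == "-", match.group(2).rstrip("\\").lower()


def _covered(key, roots):
    """True if key is one of roots or a subkey of one of them."""
    return any(key == root or key.startswith(root + "\\") for root in roots)


def audit(text):
    """Cross-check the sections of a CFScript against each other."""
    order, sections = parse_cfscript(text)
    parsed = [_key(line) for line in sections.get("Registry", [])]
    deleted = [path for entry in parsed if entry for is_del, path in [entry] if is_del]
    locked = [k[1] for k in map(_key, sections.get("RegLock", [])) if k]
    # Assumption: text before "*" is the printable prefix of a null-embedded name.
    nulls = [k[1].split("*", 1)[0].rstrip("\\")
             for k in map(_key, sections.get("RegNull", [])) if k]
    return {
        "directives": order,
        "deleted": deleted,
        # permissions are reset on these keys, but nothing removes them
        "unlock_only": [k for k in locked if not _covered(k, deleted)],
        # deletions with no RegLock:: entry for the same key
        "deleted_without_unlock": [k for k in deleted if k not in locked],
        # RegNull:: entries that do not sit on or under a deleted key
        "null_not_deleted": [k for k in nulls if not _covered(k, deleted)],
    }


if __name__ == "__main__":
    for name, items in audit(SAMPLE_CFSCRIPT).items():
        print(name)
        for item in items:
            print("    " + item)
```

To audit the real file, pass the contents of CFScript.txt to audit() instead of the sample.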

#13 JackRivers


Posted 15 July 2012 - 06:54 PM

new combofix.txt:
==========================================================================================
ComboFix 12-07-14.01 - bj 07/15/2012 17:43:14.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16289.13705 [GMT -6:00]
Running from: C:\Users\bj\Desktop\ComboFix.exe
Command switches used :: C:\Users\bj\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\bj\AppData\Roaming\vso_ts_preview.xml


((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))


2012-07-15 23:47:04 . 2012-07-15 23:47:04 -------- d-----w- C:\Users\bj\AppData\Local\Adobe
2012-07-15 23:46:01 . 2012-07-15 23:46:01 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
2012-07-15 23:46:01 . 2012-07-15 23:46:01 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-07-15 23:36:57 . 2012-07-15 23:37:12 -------- d-----w- C:\Program Files (x86)\ERUNT
2012-07-15 19:07:22 . 2012-07-15 19:07:22 -------- d-----w- C:\Users\bj\AppData\Local\Razer
2012-07-15 19:07:22 . 2012-07-15 19:07:22 -------- d-----w- C:\ProgramData\Razer
2012-07-14 21:15:50 . 2012-07-14 21:15:50 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-14 01:46:21 . 2012-06-18 09:12:50 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{26483B1D-E82E-4D8C-A5E0-C3375E384B8A}\mpengine.dll
2012-07-13 19:43:17 . 2012-07-13 19:43:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-13 19:43:17 . 2012-07-03 19:46:44 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-07-13 16:29:35 . 2012-07-15 23:47:06 -------- d-----w- C:\Users\bj\AppData\Local\temp
2012-07-12 22:00:49 . 2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\system32\win32k.sys
2012-07-12 21:13:49 . 2012-07-13 00:49:27 -------- d-----w- C:\temp
2012-07-12 18:21:25 . 2012-07-12 18:21:25 -------- d-----w- C:\Users\bj\AppData\Roaming\AKVIS LLC
2012-07-12 18:10:20 . 2012-07-12 18:10:20 -------- d-----w- C:\Program Files (x86)\AKVIS
2012-07-08 21:00:43 . 2012-07-08 21:00:43 -------- d-----w- C:\Users\bj\AppData\Roaming\SynthMaker
2012-07-08 21:00:40 . 2012-07-08 21:00:40 -------- d-----w- C:\Users\bj\AppData\Roaming\Acoustica
2012-07-08 20:59:09 . 2012-07-08 20:59:09 -------- d-----w- C:\Program Files (x86)\VST
2012-07-08 20:57:52 . 2012-07-08 20:59:23 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 6
2012-07-08 20:57:52 . 2012-07-08 20:59:10 -------- d-----w- C:\ProgramData\Acoustica
2012-07-08 18:19:18 . 2012-07-08 18:22:41 -------- d-----w- C:\Users\bj\AppData\Roaming\Wise Registry Cleaner
2012-07-08 18:19:02 . 2012-07-08 18:19:02 -------- d-----w- C:\Program Files (x86)\Wise
2012-07-08 17:40:13 . 2012-07-08 17:40:13 -------- d-----w- C:\adobeTemp
2012-07-08 14:52:43 . 2012-07-08 14:52:43 54016 ----a-w- C:\Windows\SysWow64\drivers\egqc.sys
2012-07-03 00:23:14 . 2012-07-14 18:36:58 -------- d-----w- C:\Program Files (x86)\Antares Audio Technologies
2012-06-30 05:53:55 . 2012-06-30 05:53:55 -------- d-----w- C:\Program Files (x86)\FLVPlayer
2012-06-28 08:26:06 . 2012-06-28 08:26:06 143360 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2012-06-28 06:36:06 . 2012-06-28 06:36:06 437248 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2012-06-19 11:57:21 . 2012-06-02 22:19:43 2428952 ----a-w- C:\Windows\system32\wuaueng.dll
2012-06-19 11:57:21 . 2012-06-02 22:19:42 57880 ----a-w- C:\Windows\system32\wuauclt.exe
2012-06-19 11:57:21 . 2012-06-02 22:19:42 44056 ----a-w- C:\Windows\system32\wups2.dll
2012-06-19 11:57:21 . 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\system32\wucltux.dll
2012-06-19 11:57:20 . 2012-06-02 22:19:46 38424 ----a-w- C:\Windows\system32\wups.dll
2012-06-19 11:57:20 . 2012-06-02 22:19:23 701976 ----a-w- C:\Windows\system32\wuapi.dll
2012-06-19 11:57:20 . 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\system32\wudriver.dll
2012-06-19 11:57:20 . 2012-06-02 21:19:42 186752 ----a-w- C:\Windows\system32\wuwebv.dll
2012-06-19 11:57:20 . 2012-06-02 21:15:12 36864 ----a-w- C:\Windows\system32\wuapp.exe
2012-06-19 00:00:16 . 2012-06-19 00:00:16 -------- d-----w- C:\Users\bj\AppData\Local\Pop Art Studio 6.2
2012-06-18 18:40:21 . 2012-06-18 18:40:21 -------- d-----w- C:\Users\bj\AppData\Roaming\Final Draft
2012-06-18 18:38:43 . 2009-05-14 16:32:24 4169728 ----a-r- C:\Windows\SysWow64\cdintf400.dll
2012-06-18 18:38:41 . 2012-06-18 18:39:39 -------- d-----w- C:\ProgramData\Final Draft
2012-06-18 18:38:41 . 2012-06-18 18:38:41 -------- d-----w- C:\Program Files (x86)\Final Draft Tagger
2012-06-18 18:38:40 . 2012-06-18 18:38:40 -------- d-----w- C:\Program Files (x86)\Final Draft 8
2012-06-18 02:09:18 . 2012-06-18 02:09:18 26112 ----a-w- C:\Windows\system32\drivers\rzdaendpt.sys
2012-06-18 02:09:16 . 2012-06-18 02:09:16 7168 ----a-w- C:\Windows\system32\drivers\rzkbdhid.sys
2012-06-18 02:09:16 . 2012-06-18 02:09:16 20992 ----a-w- C:\Windows\system32\drivers\rzvkeyboard.sys
2012-06-18 02:09:12 . 2012-06-18 02:09:12 97792 ----a-w- C:\Windows\system32\drivers\rzudd.sys
2012-06-18 01:38:48 . 2012-06-18 01:38:48 165888 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-07-12 05:08:10 . 2012-04-03 06:39:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-12 05:08:10 . 2011-10-16 05:20:09 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 18:25:12 . 2011-09-30 20:48:21 279656 ------w- C:\Windows\system32\MpSigStub.exe
2012-05-11 14:12:30 . 2012-05-11 14:12:30 10503680 ----a-w- C:\Windows\system32\BCC8_3DObjects_AE.dll
2012-05-11 13:55:08 . 2012-05-11 13:55:08 35250688 ----a-w- C:\Windows\system32\BCC8_AE_Float.dll
2012-05-11 13:44:24 . 2012-05-11 13:44:24 34866176 ----a-w- C:\Windows\system32\BCC8_AE_8Bit.dll
2012-05-11 13:33:52 . 2012-05-11 13:33:52 34906624 ----a-w- C:\Windows\system32\BCC8_AE_16Bit.dll
2012-05-11 13:27:58 . 2012-05-11 13:27:58 1027072 ----a-w- C:\Windows\system32\BCC8_Common_AE.dll
2012-05-09 18:21:41 . 2012-04-29 16:50:12 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-09 18:21:36 . 2011-10-17 04:52:25 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 11:06:22 . 2012-06-12 20:00:07 5559664 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-05-04 11:00:43 . 2012-06-12 20:21:38 366592 ----a-w- C:\Windows\system32\qdvd.dll
2012-05-04 10:03:53 . 2012-06-12 20:00:07 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 . 2012-06-12 20:00:07 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59:54 . 2012-06-12 20:21:38 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-05-01 05:40:20 . 2012-06-12 20:00:08 209920 ----a-w- C:\Windows\system32\profsvc.dll
2012-04-28 05:32:05 . 2012-06-12 20:00:03 1112064 ----a-w- C:\Windows\system32\rdpcorets.dll
2012-04-28 03:55:21 . 2012-06-12 20:00:03 210944 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-04-26 05:41:56 . 2012-06-12 20:00:11 77312 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-04-26 05:41:55 . 2012-06-12 20:00:11 149504 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2012-04-26 05:34:27 . 2012-06-12 20:00:11 9216 ----a-w- C:\Windows\system32\rdrmemptylst.exe
2012-04-24 05:37:37 . 2012-06-12 20:00:02 184320 ----a-w- C:\Windows\system32\cryptsvc.dll
2012-04-24 05:37:37 . 2012-06-12 20:00:02 140288 ----a-w- C:\Windows\system32\cryptnet.dll
2012-04-24 05:37:36 . 2012-06-12 20:00:02 1462272 ----a-w- C:\Windows\system32\crypt32.dll
2012-04-24 04:36:42 . 2012-06-12 20:00:02 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 . 2012-06-12 20:00:02 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 . 2012-06-12 20:00:02 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 02:56:30 . 2012-04-19 02:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 02:56:30 . 2012-04-19 02:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts


((((((((((((((((((((((((((((( SnapShot_2012-07-13_16.28.40 )))))))))))))))))))))))))))))))))))))))))

+ 2009-07-14 05:10:35 . 2012-07-15 19:14:22 56816 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-29 20:20:22 . 2012-07-15 19:14:22 30210 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3288252528-373665740-3723732635-1000_UserData.bin
+ 2009-07-14 05:30:40 . 2012-07-15 19:10:55 86016 C:\Windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30:40 . 2012-06-13 22:54:33 86016 C:\Windows\system32\DriverStore\infpub.dat
+ 2012-06-18 02:09:16 . 2012-06-18 02:09:16 20992 C:\Windows\system32\DriverStore\FileRepository\rzvkeyboard.inf_amd64_neutral_d634311ffd50d1ea\rzvkeyboard.sys
+ 2012-06-18 02:09:12 . 2012-06-18 02:09:12 97792 C:\Windows\system32\DriverStore\FileRepository\rzuddmouex.inf_amd64_neutral_8dbc8ba0a897155e\rzudd.sys
+ 2012-06-18 02:09:12 . 2012-06-18 02:09:12 97792 C:\Windows\system32\DriverStore\FileRepository\rzuddmou.inf_amd64_neutral_1b16a2295e329e0d\rzudd.sys
+ 2012-06-18 02:09:12 . 2012-06-18 02:09:12 97792 C:\Windows\system32\DriverStore\FileRepository\rzuddkbex.inf_amd64_neutral_ab9ac5f610cdb28a\rzudd.sys
+ 2012-06-18 02:09:12 . 2012-06-18 02:09:12 97792 C:\Windows\system32\DriverStore\FileRepository\rzuddkb.inf_amd64_neutral_99acba8ba9069cd3\rzudd.sys
+ 2012-06-18 02:09:10 . 2012-06-18 02:09:10 13312 C:\Windows\system32\DriverStore\FileRepository\rzhnet.inf_amd64_neutral_70923b5a31bac87f\rzhnet.sys
+ 2012-06-18 02:09:10 . 2012-06-18 02:09:10 21504 C:\Windows\system32\DriverStore\FileRepository\rzendpt.inf_amd64_neutral_8a3d22378b3e2ef3\rzendpt.sys
+ 2012-06-18 02:09:18 . 2012-06-18 02:09:18 26112 C:\Windows\system32\DriverStore\FileRepository\rzdaendpt.inf_amd64_neutral_6adcdcf583356bfe\rzdaendpt.sys
+ 2012-06-18 02:09:12 . 2012-06-18 02:09:12 97792 C:\Windows\system32\DriverStore\FileRepository\rz0116kbex.inf_amd64_neutral_6a518180f110eabb\rzudd.sys
+ 2012-06-18 02:09:12 . 2012-06-18 02:09:12 97792 C:\Windows\system32\DriverStore\FileRepository\rz0110mou.inf_amd64_neutral_e153ec68e628d2ab\rzudd.sys
+ 2012-06-18 02:09:12 . 2012-06-18 02:09:12 97792 C:\Windows\system32\DriverStore\FileRepository\rz0110kb.inf_amd64_neutral_9324f57ef909e193\rzudd.sys
+ 2012-06-18 02:09:10 . 2012-06-18 02:09:10 21504 C:\Windows\system32\DriverStore\FileRepository\rz0110endpt.inf_amd64_neutral_92788e4686d674d3\rzendpt.sys
+ 2012-06-18 02:09:12 . 2012-06-18 02:09:12 97792 C:\Windows\system32\DriverStore\FileRepository\rz010emou.inf_amd64_neutral_dcd4feb5e5aebed2\rzudd.sys
+ 2012-06-18 02:09:12 . 2012-06-18 02:09:12 97792 C:\Windows\system32\DriverStore\FileRepository\rz010ekb.inf_amd64_neutral_8ab4fa16ec1f069b\rzudd.sys
+ 2012-06-18 02:09:10 . 2012-06-18 02:09:10 21504 C:\Windows\system32\DriverStore\FileRepository\rz010eendpt.inf_amd64_neutral_478e5b2645107ed8\rzendpt.sys
+ 2012-06-18 02:09:12 . 2012-06-18 02:09:12 97792 C:\Windows\system32\DriverStore\FileRepository\rz010dmou.inf_amd64_neutral_895509d6ba64c793\rzudd.sys
+ 2012-06-18 02:09:12 . 2012-06-18 02:09:12 97792 C:\Windows\system32\DriverStore\FileRepository\rz010dkb.inf_amd64_neutral_5b0906cc9583ae86\rzudd.sys
+ 2012-06-18 02:09:10 . 2012-06-18 02:09:10 21504 C:\Windows\system32\DriverStore\FileRepository\rz010dendpt.inf_amd64_neutral_22b5493b9f2739a9\rzendpt.sys
+ 2012-06-18 02:09:12 . 2012-06-18 02:09:12 97792 C:\Windows\system32\DriverStore\FileRepository\rz002bkbex.inf_amd64_neutral_708c67bae1390d76\rzudd.sys
+ 2012-06-18 02:09:12 . 2012-06-18 02:09:12 97792 C:\Windows\system32\DriverStore\FileRepository\rz0020mou.inf_amd64_neutral_beddb5f542fbe6e7\rzudd.sys
+ 2012-06-18 02:09:12 . 2012-06-18 02:09:12 97792 C:\Windows\system32\DriverStore\FileRepository\rz0020kb.inf_amd64_neutral_a46d92bbf1eeccf7\rzudd.sys
- 2011-09-30 21:09:38 . 2012-07-13 02:16:32 32768 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-30 21:09:38 . 2012-07-15 19:18:37 32768 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-30 21:09:38 . 2012-07-15 19:18:37 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-30 21:09:38 . 2012-07-13 02:16:32 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54:19 . 2012-07-15 19:18:37 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54:19 . 2012-07-13 02:16:32 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46:26 . 2012-07-15 15:11:13 84336 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-18 02:09:16 . 2012-06-18 02:09:16 7168 C:\Windows\system32\DriverStore\FileRepository\rzvkeyboard.inf_amd64_neutral_d634311ffd50d1ea\rzkbdhid.sys
- 2012-07-13 16:23:28 . 2012-07-13 16:23:28 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-15 23:47:00 . 2012-07-15 23:47:00 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-29 20:20:22 . 2012-07-14 21:32:31 169708 C:\Windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 02:36:59 . 2012-07-15 19:16:54 692820 C:\Windows\system32\perfh009.dat
- 2009-07-14 02:36:59 . 2012-07-13 16:28:15 692820 C:\Windows\system32\perfh009.dat
- 2009-07-14 02:36:59 . 2012-07-13 16:28:15 133948 C:\Windows\system32\perfc009.dat
+ 2009-07-14 02:36:59 . 2012-07-15 19:16:54 133948 C:\Windows\system32\perfc009.dat
- 2009-07-14 05:30:40 . 2012-06-13 22:54:33 239616 C:\Windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30:40 . 2012-07-15 19:10:55 239616 C:\Windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30:40 . 2012-06-13 22:54:33 143360 C:\Windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30:40 . 2012-07-15 19:10:44 143360 C:\Windows\system32\DriverStore\infstor.dat
+ 2012-03-30 05:39:26 . 2012-03-30 05:39:26 412432 C:\Windows\system32\DriverStore\FileRepository\rzuddmouex.inf_amd64_neutral_8dbc8ba0a897155e\SynTP.sys
+ 2012-03-30 05:39:20 . 2012-03-30 05:39:20 708168 C:\Windows\system32\DriverStore\FileRepository\rzrbtldr.inf_amd64_neutral_ffdc85c90bf74a7a\WinUSBCoInstaller.dll
+ 2009-07-14 05:01:48 . 2012-07-15 23:46:11 423338 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-15 19:07:22 . 2012-07-15 19:07:22 128416 C:\Windows\Installer\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}\NewShortcut1_39DEDF8BE16D414F9CB4D01021BE0D48.exe
+ 2012-07-15 19:07:22 . 2012-07-15 19:07:22 128416 C:\Windows\Installer\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}\ARPPRODUCTICON.exe
+ 2012-07-15 23:47:05 . 2005-10-20 18:02:28 163328 C:\Windows\erdnt\AutoBackup\7-15-2012\ERDNT.EXE
+ 2011-10-27 13:25:18 . 2012-07-15 19:12:22 4960168 C:\Windows\system32\FNTCACHE.DAT
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rzvkeyboard.inf_amd64_neutral_d634311ffd50d1ea\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rzuddmouex.inf_amd64_neutral_8dbc8ba0a897155e\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rzuddmou.inf_amd64_neutral_1b16a2295e329e0d\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rzuddkbex.inf_amd64_neutral_ab9ac5f610cdb28a\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rzuddkb.inf_amd64_neutral_99acba8ba9069cd3\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rzrbtldr.inf_amd64_neutral_ffdc85c90bf74a7a\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rzhnet.inf_amd64_neutral_70923b5a31bac87f\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rzendpt.inf_amd64_neutral_8a3d22378b3e2ef3\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rzdaendpt.inf_amd64_neutral_6adcdcf583356bfe\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rz0116kbex.inf_amd64_neutral_6a518180f110eabb\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rz0110mou.inf_amd64_neutral_e153ec68e628d2ab\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rz0110kb.inf_amd64_neutral_9324f57ef909e193\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rz0110endpt.inf_amd64_neutral_92788e4686d674d3\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rz010emou.inf_amd64_neutral_dcd4feb5e5aebed2\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rz010ekb.inf_amd64_neutral_8ab4fa16ec1f069b\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rz010eendpt.inf_amd64_neutral_478e5b2645107ed8\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rz010dmou.inf_amd64_neutral_895509d6ba64c793\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rz010dkb.inf_amd64_neutral_5b0906cc9583ae86\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rz010dendpt.inf_amd64_neutral_22b5493b9f2739a9\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rz002bkbex.inf_amd64_neutral_708c67bae1390d76\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rz0020mou.inf_amd64_neutral_beddb5f542fbe6e7\WdfCoInstaller01009.dll
+ 2009-07-14 06:21:12 . 2009-07-14 06:21:12 1721576 C:\Windows\system32\DriverStore\FileRepository\rz0020kb.inf_amd64_neutral_a46d92bbf1eeccf7\WdfCoInstaller01009.dll
+ 2012-07-15 19:07:05 . 2012-07-15 19:07:05 7394304 C:\Windows\Installer\3f8e364.msi
+ 2011-09-30 05:25:17 . 2012-07-15 23:46:12 50099466 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3288252528-373665740-3723732635-1000-12288.dat
+ 2012-07-15 23:47:05 . 2012-07-15 23:47:05 10797056 C:\Windows\erdnt\AutoBackup\7-15-2012\Users\00000002\UsrClass.dat
+ 2012-07-15 23:47:05 . 2012-07-15 23:47:05 12697600 C:\Windows\erdnt\AutoBackup\7-15-2012\Users\00000001\NTUSER.DAT

-- Snapshot reset to current date --

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58:14 94208 ----a-w- C:\Users\bj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58:14 94208 ----a-w- C:\Users\bj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58:14 94208 ----a-w- C:\Users\bj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58:14 94208 ----a-w- C:\Users\bj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" [2010-11-14 23:30:49 222496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2010-09-08 00:40:32 43608]
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-29 21:12:05 113288]
"VolPanel"="C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-07-07 19:13:38 241789]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 07:00:00 90112]
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 19:37:14 517096]
"PowerPanel Personal Edition User Interaction"="D:\=Tools\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2010-08-03 16:02:08 349632]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 02:06:18 59280]
"Norton Ghost 15.0"="C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe" [2009-10-02 04:32:04 2596712]
"amd_dc_opt"="C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 20:53:10 77824]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 20:02:04 254696]
"FPVCodecPackTrialInfo"="C:\Windows\WICCodecs\{A6D092A4-081A-4F0E-9356-DA167E87D922}\FPVCodecPackTrialInfo.exe" [2012-04-29 06:42:34 325352]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-04-19 02:56:22 421888]
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 16:16:08 1073352]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-06-08 01:33:22 421776]
"Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 19:46:44 462920]
"Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" [2012-07-01 19:22:52 314280]

C:\Users\bj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\bj\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Nostromo Loadout Manager.lnk - C:\Windows\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe [2011-10-5 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\SysWOW64\nvinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

2;3 SymSnapService;SymSnapService [x]
R1 VDiskBus;ASUS Disk Unlocker;C:\Windows\system32\DRIVERS\VDiskBus64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 20:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 04:06:50 136176]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 19:46:44 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 00:02:00 2348352]
R2 RNX-MiniN111nCU;RNX-MiniN111nCU; [x]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-12-16 21:35:42 5881952]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 05:08:11 250056]
R3 ASFLTDrv.sys;ASFLTDrv.sys; [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys [2011-03-13 16:58:42 36000]
R3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys [2011-03-13 16:58:42 51872]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys [2011-03-13 16:58:42 298656]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 16:58:44 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 16:58:44 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 16:58:44 154272]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys [2011-03-13 16:58:44 280224]
R3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 05:44:20 276248]
R3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17:58:52 17864]
R3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 18:19:04 21480]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-09-30 00:38:41 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-09-30 00:38:31 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-10-08 01:45:08 79360]
R3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS [2010-07-08 05:15:50 230488]
R3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS [2010-07-08 05:16:06 1445976]
R3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS [2010-07-08 05:15:56 95320]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys [2010-03-23 22:37:34 12032]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-21 01:15:24 1431888]
R3 GenericMount Helper Service;GenericMount Helper Service;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2009-09-22 03:25:34 1571336]
R3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2011-03-21 23:05:02 745472]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 04:06:50 136176]
R3 HRMACPI;DSF ACPI Redirection Module;C:\Windows\system32\DRIVERS\HRMACPI.SYS [x]
R3 HRMINTS;DSF Interrupt Redirection Module;C:\Windows\system32\DRIVERS\HRMINTS.SYS [2010-02-09 04:28:10 128504]
R3 HRMPORTS;DSF IO Port Redirection Module;C:\Windows\system32\DRIVERS\HRMPORTS.SYS [2010-02-09 04:28:10 148360]
R3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [2010-02-09 16:53:30 28680]
R3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [2010-02-09 16:53:26 196616]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-07-03 19:46:44 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 16:49:20 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2010-11-20 09:03:44 20992]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192cu.sys [x]
R3 rtlss;Service for enabling selective suspend to RTL device;C:\Windows\system32\Drivers\rtlss.sys [x]
R3 SMServer;SMServer;C:\Windows\SysWOW64\snmvtsvc.exe [2011-03-21 21:00:34 243712]
R3 SOFTHIDUSBK;USB HID Layer;C:\Windows\system32\DRIVERS\SOFTHIDUSBK.SYS [2010-02-09 02:06:42 206848]
R3 SOFTUSBK;Generic USB device;C:\Windows\system32\DRIVERS\SOFTUSBK.SYS [2010-02-09 02:06:46 675328]
R3 SOFTUSBTESTHUB;Generic USB Test Hub;C:\Windows\system32\DRIVERS\SOFTUSBTESTHUB.SYS [x]
R3 SOFTWADP;Wireless adapter devices;C:\Windows\system32\DRIVERS\SOFTWADP.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 19:37:14 517096]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\Windows\system32\dllhost.exe [2009-07-14 01:39:06 9728]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 09:07:06 59392]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-02-15 18:01:50 52736]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgx64gps.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-30 21:06:52 1255736]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 21:27:44 29288]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 21:27:44 29288]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 21:27:44 29288]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 21:27:44 29288]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 21:27:44 29288]
R3 WSOFTUSBK;Generic wireless USB device;C:\Windows\system32\DRIVERS\WSOFTUSBK.SYS [x]
S0 DSFKSVCS;Kernel Services for DSF;C:\Windows\system32\DRIVERS\dsfksvcs.sys [2010-02-09 04:28:08 676232]
S0 dsfroot;root enumerated bus driver;C:\Windows\system32\DRIVERS\dsfroot.sys [2010-02-09 04:28:08 35832]
S0 fltsrv;Acronis Storage Filter Management;C:\Windows\system32\DRIVERS\fltsrv.sys [2012-02-17 02:12:12 133728]
S0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\system32\DRIVERS\mv91cons.sys [2011-03-14 09:29:46 24880]
S0 mvs91xx;mvs91xx;C:\Windows\system32\DRIVERS\mvs91xx.sys [2011-03-14 09:29:46 313136]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2011-11-03 09:01:00 56208]
S0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys [2012-02-17 02:12:13 211040]
S0 vidsflt61;Acronis Disk Storage Filter (61);C:\Windows\system32\DRIVERS\vsflt61.sys [2012-02-17 02:12:13 142944]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\dddskx64.sys [2009-02-12 21:11:26 26024]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
S2 Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;D:\=Tools\Program Files (x86)\FantaMorph5\FantaUp.exe [2010-11-19 00:26:22 224176]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 05:53:50 63928]
S2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 16:59:26 918448]
S2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 16:15:14 915584]
S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-22 00:52:26 586880]
S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 16:58:30 74912]
S2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 18:24:48 296808]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe [2011-01-17 22:00:50 164520]
S2 iprip;RIP Listener;C:\Windows\System32\svchost.exe [2009-07-14 01:39:46 27136]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;D:\=Tools\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 04:52:54 86016]
S2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-02-23 03:26:24 66560]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 19:27:58 336824]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 19:26:46 382272]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 bcgame;Nostromo HID Device Minidriver;C:\Windows\system32\drivers\bcgame.sys [2007-08-14 16:36:58 35328]
S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys [2011-03-13 16:58:42 28832]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.SYS [2010-07-08 05:15:50 230488]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.SYS [2010-07-08 05:16:06 1445976]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.SYS [2010-07-08 05:15:56 95320]
S3 DrmRAudio;DrmRAudio;C:\Windows\system32\drivers\DrmRAudio.sys [2011-03-22 08:25:34 34040]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys [2011-09-29 21:09:42 328368]
S3 GenericMount;Generic Mount Driver;C:\Windows\system32\DRIVERS\GenericMount.sys [2009-09-22 02:26:10 54320]
S3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys [2010-07-08 05:21:18 1612888]
S3 HRMCFGSPC;DSF General Configuration Space Redirection Module;C:\Windows\system32\DRIVERS\HRMCFGSPC.SYS [2010-02-09 04:28:10 133512]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 07:28:32 26136]
S3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 22:34:26 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys [2011-09-29 21:12:06 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys [2011-09-29 21:12:06 181248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [2012-01-17 12:45:56 188224]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 12:34:52 539240]
S3 rzdaendpt;%rzdaendpt.SvcDesc%;C:\Windows\system32\DRIVERS\rzdaendpt.sys [2012-06-18 02:09:18 26112]
S3 rzudd;Razer Mouse Driver;C:\Windows\system32\DRIVERS\rzudd.sys [2012-06-18 02:09:12 97792]
S3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\rzvkeyboard.sys [2012-06-18 02:09:16 20992]
S3 softehci;Microsoft USB 2.0 Enhanced Host Controller Interface (EHCI) Simulator Driver;C:\Windows\system32\DRIVERS\softehci.sys [2010-02-09 02:06:46 366592]
S3 usbehci_dsf;Microsoft DSF-enabled USB 2.0 Enhanced Host Controller Interface (EHCI) Miniport Driver;C:\Windows\system32\DRIVERS\usbehci_dsf.sys [2010-02-09 02:58:56 52736]
S3 VKbms;Razer Gaming Device;C:\Windows\system32\DRIVERS\VKbms.sys [2010-10-01 06:16:34 13312]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc

Contents of the 'Scheduled Tasks' folder

2012-07-15 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 06:39:29 . 2012-07-12 05:08:11]

2012-07-15 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 04:06:50 . 2011-09-30 04:06:50]

2012-07-15 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 04:06:50 . 2011-09-30 04:06:50]

2012-07-15 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3288252528-373665740-3723732635-1000Core.job
- C:\Users\bj\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 00:55:48 . 2012-06-14 00:55:48]

2012-07-15 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3288252528-373665740-3723732635-1000UA.job
- C:\Users\bj\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 00:55:48 . 2012-06-14 00:55:48]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58:16 97792 ----a-w- C:\Users\bj\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58:16 97792 ----a-w- C:\Users\bj\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58:16 97792 ----a-w- C:\Users\bj\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58:16 97792 ----a-w- C:\Users\bj\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 12:09:46 446392]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2012-03-20 05:44:20 170264]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-03-20 05:44:20 398616]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2012-03-20 05:44:20 439064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=C:\Windows\System32\nvinitx.dll

------- Supplementary Scan -------

uStart Page = hxxp://google.com/
uLocal Page = C:\Program Files\Boris FX, Inc\Boris RED 5\Documentation\wwhelp\wwhimpl\common\html\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Mipony - file://D:\=Tools\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - D:\_TOOLS~1\PROGRA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - C:\Users\bj\AppData\Roaming\Mozilla\Firefox\Profiles\8b85rv59.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)


====================================================================================================================================
I received warnings about attempted deletion of registry keys within ASUS AIsuiteII's components. I clicked OK on each of 3 warnings.
All seems to be running well so far.

What did we just do?
Should I restore the registry? Reinstall an AV and firewall?
I will take no action until your reply.

Thank you for your rockin' attention on a SUNDAY, D!

#14 D-FRED-BROWN

  • Malware Response Team

Posted 15 July 2012 - 07:13 PM

I received warnings about attempted deletion of registry keys within ASUS AIsuiteII's components. I clicked OK on each of 3 warnings.

See if you can reinstall Asus AI Suite II. Is it not functioning properly anymore?

All seems to be running well so far.

I am thrilled to hear that! :thumbsup:

What did we just do? Should I restore the registry?

No, please don't... We removed some malicious registry entries there with ComboFix. Restoring the registry would only bring them back, which I suspect we don't want. :P

Reinstall an AV and firewall?

At this point, we still have a few more steps to take before I can verify that it's a safe time to install any security software. We're getting there.

Thank you for your rockin' attention on a SUNDAY, D!

No problem. :thumbup2:


For now, please go ahead and reinstall your Asus software that gave you the errors before.

After that, please create a new restore point.

Next, please run ComboFix once again (no need to run the CFScript procedure again). If asked to update to a newer version, please allow it to do so. Please post the newly-created C:\ComboFix.txt in your next reply.

After all that, how are things running now? Are you still getting redirected?

#15 JackRivers

  • Topic Starter

Posted 15 July 2012 - 07:18 PM

RESTORE POINT: I am told never to set a restore on a c: drive when C: is an SSD. Mine is a Corsair Force GT SSD. What do you know about this?
AI suite II not running now. Am d/l'ing and will reinstall then continue with your instructions...

When I do the combofix again do I use the "script drop on icon" method? (Edit: re-read your don't note. OK)

NO REDIRECTS CURRENTLY (so far) :)

thanks...

Edited by JackRivers, 15 July 2012 - 07:26 PM.




