Smart HDD - Is it Gone?


  • This topic is locked
9 replies to this topic

#1 jac2196

jac2196

  • Members
  • 4 posts

Posted 13 July 2012 - 08:54 AM

Hello. I believe my computer was infected with some version of the Smart HDD virus yesterday. I received repeated "Write Fault Error" messages, and all of my desktop and start icons disappeared. I was able to follow the Bleeping Computer Smart HDD instructions - launch in Safe Mode, launch RKill, run Malwarebytes, and then use the "Unhide" program. I thought everything was ok and went back into Regular Mode, but unfortunately, the problem reappeared. I had to then repeat the Safe Mode process.

I would like to post a DDS log to make sure the infection is gone. (I need to take the bar exam with this computer next week!) But I'm having a problem running DDS: when I click on the icon, I see a black DOS box pop up for just a second, then the box goes away and nothing else happens. I understand that script blocking programs need to be disabled before running DDS, and I disabled Norton Antivirus Auto-protect and the Windows Firewall before doing so.

I am running Windows 7 Home Premium, 64 bit. Any help would be appreciated - either a workaround for my DDS problem or a recommendation for another logging program.

Many thanks!



#2 jac2196

jac2196
  • Topic Starter

  • Members
  • 4 posts

Posted 13 July 2012 - 11:28 AM

For what it's worth, I was able to run Hijack This. The log is posted below:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:24:55 PM, on 7/13/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Users\Josh & Katie\Desktop\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
O23 - Service: EgisTec Service Help - Egis Technology Inc. - C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 20575 bytes

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts
  • Gender:Male

Posted 18 July 2012 - 08:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/460512 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 July 2012 - 09:48 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please run these tools in the order listed.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any Antivirus protection on the computer.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#5 jac2196

jac2196
  • Topic Starter

  • Members
  • 4 posts

Posted 19 July 2012 - 08:14 PM

Many, many thanks for your help. I ran the tools as you instructed. Everything except Security Check ran with no problem, and the relevant logs are posted below. When I opened Security Check, the program ran for a while, then the checkup.exe file appeared, but it was empty. Behind the text file, the Security Check program displayed "The system cannot find the specified path" two times. Should I try running Security Check in Safe Mode?

Here is the TDSS Log:

18:07:21.0323 5992 NDProxy - ok
18:07:21.0339 5992 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
18:07:21.0339 5992 NetBIOS - ok
18:07:21.0386 5992 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
18:07:21.0386 5992 NetBT - ok
18:07:21.0432 5992 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:07:21.0432 5992 Netlogon - ok
18:07:21.0495 5992 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
18:07:21.0495 5992 Netman - ok
18:07:21.0557 5992 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
18:07:21.0573 5992 netprofm - ok
18:07:21.0635 5992 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:07:21.0635 5992 NetTcpPortSharing - ok
18:07:22.0384 5992 NETwNs64 (30933bb56fb611d0252bad488adfb533) C:\windows\system32\DRIVERS\NETwNs64.sys
18:07:22.0540 5992 NETwNs64 - ok
18:07:22.0712 5992 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
18:07:22.0712 5992 nfrd960 - ok
18:07:22.0790 5992 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
18:07:22.0790 5992 NlaSvc - ok
18:07:22.0805 5992 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
18:07:22.0821 5992 Npfs - ok
18:07:22.0836 5992 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
18:07:22.0836 5992 nsi - ok
18:07:22.0852 5992 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
18:07:22.0852 5992 nsiproxy - ok
18:07:23.0008 5992 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
18:07:23.0039 5992 Ntfs - ok
18:07:23.0226 5992 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
18:07:23.0226 5992 Null - ok
18:07:24.0178 5992 nvlddmkm (8d43c58a382205ee03c60eb495a492da) C:\windows\system32\DRIVERS\nvlddmkm.sys
18:07:24.0256 5992 nvlddmkm - ok
18:07:24.0412 5992 nvpciflt (b3289de0b8c527bab9e31225f40f5681) C:\windows\system32\DRIVERS\nvpciflt.sys
18:07:24.0412 5992 nvpciflt - ok
18:07:24.0474 5992 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
18:07:24.0490 5992 nvraid - ok
18:07:24.0521 5992 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
18:07:24.0521 5992 nvstor - ok
18:07:24.0662 5992 NVSvc (fa0f3e33d95531ace7c0f1497e6142bf) C:\windows\system32\nvvsvc.exe
18:07:24.0662 5992 NVSvc - ok
18:07:24.0927 5992 nvUpdatusService (e2ad0d7ed18dc13998e2be94885021d6) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
18:07:24.0958 5992 nvUpdatusService - ok
18:07:25.0145 5992 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
18:07:25.0176 5992 nv_agp - ok
18:07:25.0192 5992 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
18:07:25.0208 5992 ohci1394 - ok
18:07:25.0286 5992 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:07:25.0286 5992 ose - ok
18:07:25.0691 5992 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:07:25.0769 5992 osppsvc - ok
18:07:25.0941 5992 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
18:07:25.0956 5992 p2pimsvc - ok
18:07:26.0003 5992 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
18:07:26.0003 5992 p2psvc - ok
18:07:26.0050 5992 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
18:07:26.0050 5992 Parport - ok
18:07:26.0081 5992 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
18:07:26.0081 5992 partmgr - ok
18:07:26.0112 5992 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
18:07:26.0112 5992 PcaSvc - ok
18:07:26.0159 5992 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
18:07:26.0159 5992 pci - ok
18:07:26.0190 5992 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
18:07:26.0190 5992 pciide - ok
18:07:26.0222 5992 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
18:07:26.0237 5992 pcmcia - ok
18:07:26.0268 5992 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
18:07:26.0268 5992 pcw - ok
18:07:26.0346 5992 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
18:07:26.0346 5992 PEAUTH - ok
18:07:26.0456 5992 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
18:07:26.0456 5992 PerfHost - ok
18:07:26.0612 5992 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
18:07:26.0627 5992 pla - ok
18:07:26.0705 5992 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
18:07:26.0705 5992 PlugPlay - ok
18:07:26.0721 5992 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
18:07:26.0721 5992 PNRPAutoReg - ok
18:07:26.0799 5992 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
18:07:26.0799 5992 PNRPsvc - ok
18:07:26.0877 5992 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
18:07:26.0892 5992 PolicyAgent - ok
18:07:26.0924 5992 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
18:07:26.0924 5992 Power - ok
18:07:27.0017 5992 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
18:07:27.0048 5992 PptpMiniport - ok
18:07:27.0064 5992 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
18:07:27.0064 5992 Processor - ok
18:07:27.0142 5992 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
18:07:27.0142 5992 ProfSvc - ok
18:07:27.0189 5992 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:07:27.0189 5992 ProtectedStorage - ok
18:07:27.0251 5992 psadd (4a768fb063a38b0a78ad97617d3a04f5) C:\windows\system32\DRIVERS\psadd.sys
18:07:27.0251 5992 psadd - ok
18:07:27.0298 5992 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
18:07:27.0298 5992 Psched - ok
18:07:27.0345 5992 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\windows\system32\DRIVERS\psi_mf.sys
18:07:27.0345 5992 PSI - ok
18:07:27.0532 5992 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
18:07:27.0579 5992 ql2300 - ok
18:07:27.0719 5992 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
18:07:27.0750 5992 ql40xx - ok
18:07:27.0797 5992 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
18:07:27.0813 5992 QWAVE - ok
18:07:27.0828 5992 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
18:07:27.0828 5992 QWAVEdrv - ok
18:07:27.0844 5992 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
18:07:27.0844 5992 RasAcd - ok
18:07:27.0891 5992 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
18:07:27.0891 5992 RasAgileVpn - ok
18:07:27.0906 5992 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
18:07:27.0938 5992 RasAuto - ok
18:07:27.0953 5992 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
18:07:27.0984 5992 Rasl2tp - ok
18:07:28.0047 5992 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
18:07:28.0062 5992 RasMan - ok
18:07:28.0094 5992 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
18:07:28.0094 5992 RasPppoe - ok
18:07:28.0109 5992 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
18:07:28.0109 5992 RasSstp - ok
18:07:28.0140 5992 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
18:07:28.0156 5992 rdbss - ok
18:07:28.0172 5992 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
18:07:28.0172 5992 rdpbus - ok
18:07:28.0203 5992 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
18:07:28.0203 5992 RDPCDD - ok
18:07:28.0218 5992 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
18:07:28.0218 5992 RDPENCDD - ok
18:07:28.0234 5992 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
18:07:28.0234 5992 RDPREFMP - ok
18:07:28.0296 5992 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
18:07:28.0328 5992 RDPWD - ok
18:07:28.0374 5992 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
18:07:28.0374 5992 rdyboost - ok
18:07:28.0562 5992 RegSrvc (9276f4d4109fc349925d28e00e533146) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:07:28.0577 5992 RegSrvc - ok
18:07:28.0624 5992 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
18:07:28.0655 5992 RemoteAccess - ok
18:07:28.0686 5992 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
18:07:28.0733 5992 RemoteRegistry - ok
18:07:28.0811 5992 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
18:07:28.0842 5992 RFCOMM - ok
18:07:28.0858 5992 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
18:07:28.0874 5992 RpcEptMapper - ok
18:07:28.0905 5992 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
18:07:28.0905 5992 RpcLocator - ok
18:07:28.0967 5992 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
18:07:28.0967 5992 RpcSs - ok
18:07:29.0014 5992 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
18:07:29.0014 5992 rspndr - ok
18:07:29.0061 5992 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RtsUVStor.sys
18:07:29.0076 5992 RSUSBVSTOR - ok
18:07:29.0154 5992 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys
18:07:29.0154 5992 RTL8167 - ok
18:07:29.0201 5992 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:07:29.0201 5992 SamSs - ok
18:07:29.0279 5992 SBFWIMCL (513b3bfcd3c465b9820c2d05fa94e630) C:\windows\system32\DRIVERS\sbfwim.sys
18:07:29.0310 5992 SBFWIMCL - ok
18:07:29.0310 5992 SBFWIMCLMP (513b3bfcd3c465b9820c2d05fa94e630) C:\windows\system32\DRIVERS\SBFWIM.sys
18:07:29.0326 5992 SBFWIMCLMP - ok
18:07:29.0357 5992 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
18:07:29.0373 5992 sbp2port - ok
18:07:29.0388 5992 SBRE - ok
18:07:29.0451 5992 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
18:07:29.0451 5992 SCardSvr - ok
18:07:29.0466 5992 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
18:07:29.0466 5992 scfilter - ok
18:07:29.0591 5992 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
18:07:29.0591 5992 Schedule - ok
18:07:29.0638 5992 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
18:07:29.0638 5992 SCPolicySvc - ok
18:07:29.0654 5992 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
18:07:29.0669 5992 SDRSVC - ok
18:07:29.0747 5992 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
18:07:29.0747 5992 secdrv - ok
18:07:29.0763 5992 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
18:07:29.0763 5992 seclogon - ok
18:07:29.0981 5992 Secunia PSI Agent (f70a51eb03ee7046784ef62efce9528e) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
18:07:29.0997 5992 Secunia PSI Agent - ok
18:07:30.0075 5992 Secunia Update Agent (ad56ceb08eeb517332355fde9e5939c8) C:\Program Files (x86)\Secunia\PSI\sua.exe
18:07:30.0090 5992 Secunia Update Agent - ok
18:07:30.0262 5992 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
18:07:30.0262 5992 SENS - ok
18:07:30.0278 5992 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
18:07:30.0278 5992 SensrSvc - ok
18:07:30.0340 5992 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
18:07:30.0340 5992 Serenum - ok
18:07:30.0387 5992 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
18:07:30.0387 5992 Serial - ok
18:07:30.0418 5992 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
18:07:30.0418 5992 sermouse - ok
18:07:30.0449 5992 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
18:07:30.0465 5992 SessionEnv - ok
18:07:30.0480 5992 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
18:07:30.0480 5992 sffdisk - ok
18:07:30.0496 5992 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
18:07:30.0496 5992 sffp_mmc - ok
18:07:30.0512 5992 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
18:07:30.0512 5992 sffp_sd - ok
18:07:30.0527 5992 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
18:07:30.0527 5992 sfloppy - ok
18:07:30.0636 5992 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
18:07:30.0652 5992 Sftfs - ok
18:07:30.0792 5992 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:07:30.0792 5992 sftlist - ok
18:07:30.0839 5992 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
18:07:30.0839 5992 Sftplay - ok
18:07:30.0855 5992 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
18:07:30.0855 5992 Sftredir - ok
18:07:30.0870 5992 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
18:07:30.0870 5992 Sftvol - ok
18:07:30.0902 5992 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:07:30.0902 5992 sftvsa - ok
18:07:30.0964 5992 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
18:07:30.0964 5992 SharedAccess - ok
18:07:31.0026 5992 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
18:07:31.0042 5992 ShellHWDetection - ok
18:07:31.0089 5992 Shockprf (c10d453b07e3e7e00e5103bba9bad524) C:\windows\system32\DRIVERS\Apsx64.sys
18:07:31.0089 5992 Shockprf - ok
18:07:31.0120 5992 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
18:07:31.0120 5992 SiSRaid2 - ok
18:07:31.0136 5992 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
18:07:31.0136 5992 SiSRaid4 - ok
18:07:31.0245 5992 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe
18:07:31.0245 5992 SkypeUpdate - ok
18:07:31.0276 5992 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
18:07:31.0276 5992 Smb - ok
18:07:31.0323 5992 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
18:07:31.0323 5992 SNMPTRAP - ok
18:07:31.0370 5992 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
18:07:31.0370 5992 spldr - ok
18:07:31.0432 5992 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
18:07:31.0448 5992 Spooler - ok
18:07:31.0760 5992 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
18:07:31.0822 5992 sppsvc - ok
18:07:31.0962 5992 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
18:07:31.0962 5992 sppuinotify - ok
18:07:32.0025 5992 sprtsvc_verizondm - ok
18:07:32.0087 5992 SPUVCbv (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
18:07:32.0103 5992 SPUVCbv - ok
18:07:32.0259 5992 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NAVx64\1207010.003\SRTSP64.SYS
18:07:32.0259 5992 SRTSP - ok
18:07:32.0274 5992 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NAVx64\1207010.003\SRTSPX64.SYS
18:07:32.0274 5992 SRTSPX - ok
18:07:32.0337 5992 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
18:07:32.0352 5992 srv - ok
18:07:32.0399 5992 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
18:07:32.0415 5992 srv2 - ok
18:07:32.0446 5992 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
18:07:32.0446 5992 srvnet - ok
18:07:32.0508 5992 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
18:07:32.0508 5992 SSDPSRV - ok
18:07:32.0524 5992 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
18:07:32.0540 5992 SstpSvc - ok
18:07:32.0571 5992 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
18:07:32.0571 5992 stexstor - ok
18:07:32.0602 5992 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
18:07:32.0602 5992 StillCam - ok
18:07:32.0696 5992 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
18:07:32.0711 5992 stisvc - ok
18:07:32.0867 5992 SUService (6ea2f517373771cac5188e82617c9c0b) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
18:07:32.0867 5992 SUService - ok
18:07:32.0883 5992 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
18:07:32.0883 5992 swenum - ok
18:07:32.0976 5992 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
18:07:33.0008 5992 swprv - ok
18:07:33.0148 5992 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS
18:07:33.0148 5992 SymDS - ok
18:07:33.0242 5992 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS
18:07:33.0257 5992 SymEFA - ok
18:07:33.0320 5992 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
18:07:33.0320 5992 SymEvent - ok
18:07:33.0382 5992 SymIM (3aa3b2df451da88c38ab00b19fa3562e) C:\windows\system32\DRIVERS\SymIMv.sys
18:07:33.0382 5992 SymIM - ok
18:07:33.0444 5992 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS
18:07:33.0444 5992 SymIRON - ok
18:07:33.0491 5992 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS
18:07:33.0491 5992 SymNetS - ok
18:07:33.0663 5992 SynTP (08425cd92972c6430f350a9697f4a553) C:\windows\system32\DRIVERS\SynTP.sys
18:07:33.0678 5992 SynTP - ok
18:07:33.0990 5992 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
18:07:34.0037 5992 SysMain - ok
18:07:34.0131 5992 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
18:07:34.0146 5992 TabletInputService - ok
18:07:34.0193 5992 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
18:07:34.0209 5992 TapiSrv - ok
18:07:34.0224 5992 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
18:07:34.0224 5992 TBS - ok
18:07:34.0458 5992 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
18:07:34.0490 5992 Tcpip - ok
18:07:34.0802 5992 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
18:07:34.0817 5992 TCPIP6 - ok
18:07:34.0926 5992 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
18:07:34.0926 5992 tcpipreg - ok
18:07:34.0942 5992 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
18:07:34.0942 5992 TDPIPE - ok
18:07:34.0989 5992 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
18:07:34.0989 5992 TDTCP - ok
18:07:35.0020 5992 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
18:07:35.0036 5992 tdx - ok
18:07:35.0067 5992 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
18:07:35.0067 5992 TermDD - ok
18:07:35.0160 5992 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
18:07:35.0176 5992 TermService - ok
18:07:35.0223 5992 tgsrvc_verizondm - ok
18:07:35.0238 5992 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
18:07:35.0238 5992 Themes - ok
18:07:35.0285 5992 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
18:07:35.0285 5992 THREADORDER - ok
18:07:35.0316 5992 TPDIGIMN (74868c001c7214fbd88b1a57ebb04811) C:\windows\system32\DRIVERS\ApsHM64.sys
18:07:35.0316 5992 TPDIGIMN - ok
18:07:35.0348 5992 TPHDEXLGSVC (130e6b36a8eee48aa4f0ac404236836b) C:\windows\system32\TPHDEXLG64.exe
18:07:35.0348 5992 TPHDEXLGSVC - ok
18:07:35.0379 5992 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
18:07:35.0379 5992 TrkWks - ok
18:07:35.0441 5992 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
18:07:35.0441 5992 TrustedInstaller - ok
18:07:35.0472 5992 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
18:07:35.0488 5992 tssecsrv - ok
18:07:35.0504 5992 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
18:07:35.0519 5992 TsUsbFlt - ok
18:07:35.0535 5992 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
18:07:35.0535 5992 TsUsbGD - ok
18:07:35.0582 5992 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
18:07:35.0582 5992 tunnel - ok
18:07:35.0597 5992 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
18:07:35.0597 5992 uagp35 - ok
18:07:35.0660 5992 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
18:07:35.0660 5992 udfs - ok
18:07:35.0706 5992 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
18:07:35.0706 5992 UI0Detect - ok
18:07:35.0753 5992 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
18:07:35.0753 5992 uliagpkx - ok
18:07:35.0784 5992 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
18:07:35.0784 5992 umbus - ok
18:07:35.0800 5992 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
18:07:35.0816 5992 UmPass - ok
18:07:36.0112 5992 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
18:07:36.0159 5992 UNS - ok
18:07:36.0330 5992 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
18:07:36.0330 5992 upnphost - ok
18:07:36.0408 5992 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
18:07:36.0408 5992 USBAAPL64 - ok
18:07:36.0455 5992 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
18:07:36.0486 5992 usbccgp - ok
18:07:36.0518 5992 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
18:07:36.0518 5992 usbcir - ok
18:07:36.0533 5992 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
18:07:36.0533 5992 usbehci - ok
18:07:36.0611 5992 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
18:07:36.0627 5992 usbhub - ok
18:07:36.0642 5992 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
18:07:36.0642 5992 usbohci - ok
18:07:36.0658 5992 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
18:07:36.0658 5992 usbprint - ok
18:07:36.0705 5992 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
18:07:36.0705 5992 usbscan - ok
18:07:36.0720 5992 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
18:07:36.0720 5992 USBSTOR - ok
18:07:36.0752 5992 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
18:07:36.0752 5992 usbuhci - ok
18:07:36.0798 5992 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
18:07:36.0798 5992 usbvideo - ok
18:07:36.0830 5992 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
18:07:36.0830 5992 UxSms - ok
18:07:36.0876 5992 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:07:36.0892 5992 VaultSvc - ok
18:07:36.0923 5992 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
18:07:36.0923 5992 vdrvroot - ok
18:07:36.0986 5992 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
18:07:37.0048 5992 vds - ok
18:07:37.0079 5992 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
18:07:37.0079 5992 vga - ok
18:07:37.0110 5992 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
18:07:37.0110 5992 VgaSave - ok
18:07:37.0157 5992 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
18:07:37.0157 5992 vhdmp - ok
18:07:37.0173 5992 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
18:07:37.0173 5992 viaide - ok
18:07:37.0204 5992 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
18:07:37.0204 5992 volmgr - ok
18:07:37.0235 5992 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
18:07:37.0251 5992 volmgrx - ok
18:07:37.0282 5992 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
18:07:37.0282 5992 volsnap - ok
18:07:37.0329 5992 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
18:07:37.0344 5992 vsmraid - ok
18:07:37.0532 5992 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
18:07:37.0578 5992 VSS - ok
18:07:37.0750 5992 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
18:07:37.0750 5992 vwifibus - ok
18:07:37.0781 5992 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
18:07:37.0781 5992 vwififlt - ok
18:07:37.0797 5992 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
18:07:37.0797 5992 vwifimp - ok
18:07:37.0859 5992 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
18:07:37.0859 5992 W32Time - ok
18:07:37.0890 5992 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
18:07:37.0890 5992 WacomPen - ok
18:07:37.0922 5992 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
18:07:37.0937 5992 WANARP - ok
18:07:37.0937 5992 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
18:07:37.0937 5992 Wanarpv6 - ok
18:07:38.0093 5992 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
18:07:38.0124 5992 WatAdminSvc - ok
18:07:38.0280 5992 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
18:07:38.0312 5992 wbengine - ok
18:07:38.0483 5992 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
18:07:38.0483 5992 WbioSrvc - ok
18:07:38.0530 5992 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
18:07:38.0546 5992 wcncsvc - ok
18:07:38.0561 5992 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
18:07:38.0561 5992 WcsPlugInService - ok
18:07:38.0624 5992 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
18:07:38.0624 5992 Wd - ok
18:07:38.0702 5992 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
18:07:38.0702 5992 Wdf01000 - ok
18:07:38.0733 5992 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
18:07:38.0733 5992 WdiServiceHost - ok
18:07:41.0697 5992 ============================================================
18:07:41.0697 5992 Scan finished
18:07:41.0697 5992 ============================================================
18:07:41.0697 2604 Detected object count: 0
18:07:41.0697 2604 Actual detected object count: 0

Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-19 18:09:03
-----------------------------
18:09:03.555 OS Version: Windows x64 6.1.7601 Service Pack 1
18:09:03.555 Number of processors: 4 586 0x2A07
18:09:03.555 ComputerName: CIPPELLAPTOP UserName: Josh & Katie
18:09:06.410 Initialize success
18:09:16.059 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:09:16.059 Disk 0 Vendor: WDC_WD75 02.0 Size: 715404MB BusType: 3
18:09:16.074 Disk 0 MBR read successfully
18:09:16.074 Disk 0 MBR scan
18:09:16.074 Disk 0 Windows 7 default MBR code
18:09:16.090 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
18:09:16.090 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 670405 MB offset 411648
18:09:16.090 Disk 0 Partition - 00 0F Extended LBA 29698 MB offset 1373401088
18:09:16.137 Disk 0 Partition 3 00 12 Compaq diag NTFS 15100 MB offset 1434222592
18:09:16.152 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29697 MB offset 1373403136
18:09:16.199 Disk 0 scanning C:\windows\system32\drivers
18:09:22.267 Service scanning
18:10:11.485 Modules scanning
18:10:11.485 Disk 0 trace - called modules:
18:10:12.000 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:10:12.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e6c790]
18:10:12.000 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800634a050]
18:10:12.000 Scan finished successfully
18:10:59.019 Disk 0 MBR has been saved successfully to "C:\Users\Josh & Katie\Desktop\ABC\Logs\MBR.dat"
18:10:59.034 The log file has been saved successfully to "C:\Users\Josh & Katie\Desktop\ABC\Logs\aswMBR.txt"

Here is the Combofix log:
ComboFix 12-07-19.02 - Josh & Katie 07/19/2012 20:38:18.2.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.4647 [GMT -4:00]
Running from: c:\users\Josh & Katie\Desktop\ABC\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\LLNEVQClESr6pX
c:\programdata\m6D5OmStHEOUl4
c:\programdata\Roaming
c:\users\JOSH\Bootstrapper.exe
c:\users\JOSH\DeleteProgramDataFiles.CA.dll
c:\users\JOSH\Logo.png
c:\windows\gt.exe
c:\windows\s.bat
c:\windows\version.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-20 00:46 . 2012-07-20 00:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-18 07:00 . 2012-07-18 07:00 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA5A35EC-6AAE-442F-AFDD-786471E49137}\offreg.dll
2012-07-17 14:23 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA5A35EC-6AAE-442F-AFDD-786471E49137}\mpengine.dll
2012-07-14 00:37 . 2012-07-14 00:37 -------- d-----w- c:\programdata\GFI Software
2012-07-13 20:43 . 2012-07-13 20:43 -------- d--h--w- c:\programdata\Common Files
2012-07-13 12:06 . 2012-07-13 12:06 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-07-13 12:03 . 2012-07-13 12:03 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-07-13 12:01 . 2009-08-20 03:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-07-13 11:59 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
2012-07-13 11:45 . 2012-07-13 11:45 -------- d-----w- c:\program files (x86)\Oracle
2012-07-13 03:06 . 2012-07-13 11:21 -------- d-----w- C:\sh4ldr
2012-07-13 03:06 . 2012-07-13 03:06 -------- d-----w- c:\program files\Enigma Software Group
2012-07-13 03:04 . 2012-07-13 11:20 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-07-13 02:54 . 2012-07-13 02:54 -------- d-----w- c:\windows\SysWow64\Profiles
2012-07-13 02:51 . 2012-07-13 02:51 -------- d-----w- c:\users\Josh & Katie\AppData\Local\Secunia PSI
2012-07-13 02:51 . 2012-07-13 02:51 -------- d-----w- c:\program files (x86)\Secunia
2012-07-13 02:45 . 2012-07-13 02:51 -------- d-----w- c:\program files (x86)\Free Window Registry Repair
2012-07-12 23:38 . 2012-07-13 13:18 -------- d-----w- c:\users\Josh & Katie\AppData\Local\NPE
2012-07-12 23:34 . 2011-03-31 03:04 43640 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-07-12 23:12 . 2012-07-12 23:12 -------- d-----w- c:\users\Josh & Katie\AppData\Roaming\Tific
2012-07-12 23:12 . 2012-07-12 23:12 -------- d-----w- c:\users\Josh & Katie\AppData\Local\Symantec
2012-07-12 19:48 . 2012-07-12 19:48 -------- d-----w- c:\programdata\Sophos
2012-07-12 18:48 . 2011-09-29 16:16 119416 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-07-12 17:26 . 2012-07-12 17:26 -------- d-----w- c:\users\Josh & Katie\AppData\Roaming\Malwarebytes
2012-07-12 17:26 . 2012-07-12 17:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-12 17:26 . 2012-07-12 17:26 -------- d-----w- c:\programdata\Malwarebytes
2012-07-12 17:26 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-11 19:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 17:28 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 17:27 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 17:27 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 17:27 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 17:27 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 17:27 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 17:27 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 17:27 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 17:27 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 17:27 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 17:27 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 17:27 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 17:27 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 17:27 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-10 03:21 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-10 03:21 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-09 17:14 . 2010-11-17 01:24 750440 ------w- c:\windows\system32\HPDiscoPM5312.dll
2012-07-09 17:14 . 2012-07-09 17:15 -------- d-----w- c:\programdata\HP
2012-07-09 17:14 . 2012-07-09 17:14 -------- d-----w- c:\program files (x86)\HP
2012-07-09 17:14 . 2012-07-09 17:14 -------- d-----w- c:\program files\HP
2012-07-09 17:14 . 2012-07-09 17:14 -------- d-----w- c:\users\Josh & Katie\AppData\Local\HP
2012-06-23 14:31 . 2012-06-23 14:31 -------- d-----w- c:\users\Josh & Katie\AppData\Local\Macromedia
2012-06-22 12:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 12:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 12:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 12:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 12:23 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 12:23 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 12:23 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 12:22 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 12:22 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 19:01 . 2011-09-01 21:33 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-11 17:49 . 2012-05-12 15:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-11 17:49 . 2011-09-01 21:07 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 02:06 . 2012-05-29 01:09 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06 . 2011-09-02 23:54 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-13 11:42 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 11:42 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 11:42 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 11:42 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 11:42 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 11:42 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 11:42 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 11:42 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 11:42 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 11:42 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 11:42 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 11:42 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 11:42 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 11:42 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-11-05 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-11-05 202096]
"VitaKeyTSR"="c:\program files (x86)\EgisTec BioExcess\EgisTSR.exe" [2010-12-13 383344]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"PLTSR"="c:\program files (x86)\EgisTec Port Locker\EgisPLTSR.exe" [2010-10-22 364400]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-24 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-24 224352]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2011-05-16 206120]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
.
c:\users\Josh & Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-2-15 1136928]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-6-27 572000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-02-15 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-01 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-08-26 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-08-26 39008]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-04 25960]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [2011-03-15 912504]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-12-09 23648]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-08-26 13408]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-11 91864]
S1 EgisTecFF;EgisTecFF;c:\windows\system32\DRIVERS\EgisTecFF.sys [2011-08-26 55880]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120718.001\IDSvia64.sys [2012-06-14 509088]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-08-26 22912]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-08-26 20328]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-08-26 62584]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 EgisTec Service Help;EgisTec Service Help;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [2010-12-13 703856]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-12-13 650096]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2010-10-31 35952]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-06-11 335888]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-04 2009704]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-06-27 1326176]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-06-27 681056]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-05-16 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-05-16 185640]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-08-26 29792]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-24 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-11-09 8500736]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 17:49]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 06:01]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 06:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"TpShocks"="c:\windows\System32\TpShocks.exe" [2010-03-15 231328]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-08-26 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-08-26 5908928]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-08-26 114688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
"combofix"="c:\combofix\CF21676.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\Josh & Katie\AppData\Roaming\Mozilla\Firefox\Profiles\njn3z9em.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Sweetpacks Communicator - c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\WSCStub.exe
.
**************************************************************************
.
Completion time: 2012-07-19 20:54:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-20 00:54
.
Pre-Run: 537,947,217,920 bytes free
Post-Run: 537,508,364,288 bytes free
.
- - End Of File - - F8BD3C6E3092297718B4D8DEF62709A8

Attached Files

  • Attached File  MBR.zip   581bytes   0 downloads


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:14 PM

Posted 20 July 2012 - 07:58 AM

Your logs are clean. We will remove this old process from the registry.

Open Notepad and copy/paste the text in the quote box below into it:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-

ClearJavaCache::


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

===

Search the computer for this file: checkup.txt

If not found, yes, please run the tool in safe mode.
Post the log if you can.

How is the computer performing?
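The following is an added example, not part of the original post and not ComboFix's own code: a small Python reviewer that lists what a CFScript like the one above would change before it is run. It assumes the body of the `Registry::` section follows regedit `.reg` syntax, where `"name"=-` deletes a value and `[-key]` deletes a key; the function name `summarize` is hypothetical.

```python
import re

# Constructed input: the script text quoted in the post above.
CFSCRIPT = r'''Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-

ClearJavaCache::
'''

DIRECTIVE = re.compile(r'^([A-Za-z]+)::\s*$')              # e.g. "Registry::"
KEY = re.compile(r'^\[(-?)(HK[^\]]+)\]\s*$')               # [key] or [-key]
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')        # "name"=data or @=data

def summarize(script):
    """Return (directive, action, key, value_name, data) tuples for review."""
    actions = []
    directive = key = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            directive, key = m.group(1), None
            actions.append((directive, "directive", None, None, None))
            continue
        if directive != "Registry":
            # Assumption: other sections are not .reg syntax; report as-is.
            actions.append((directive, "argument", None, None, line))
            continue
        m = KEY.match(line)
        if m:
            key = m.group(2)
            if m.group(1):  # leading "-" means the whole key is deleted
                actions.append((directive, "delete-key", key, None, None))
            continue
        m = VALUE.match(line)
        if m and key:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2).strip()
            verb = "delete-value" if data == "-" else "set-value"
            actions.append((directive, verb, key, name,
                            None if data == "-" else data))
            continue
        actions.append((directive, "unparsed", key, None, line))
    return actions

if __name__ == "__main__":
    for action in summarize(CFSCRIPT):
        print(action)
```

Any line reported as `unparsed`, or any `delete-key` or `set-value` action you did not expect, is worth querying with the helper before the script is dragged onto ComboFix.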

#7 jac2196


Posted 20 July 2012 - 09:07 AM

I ran Combofix as you instructed. When I tried to post the log, I got a message that my post was too long. As such, I've attached the log as a zipped file.

I found the checkup.exe file on my computer, but when I opened it, it was empty. I then ran Safety Check again from Safe Mode. The same thing happened: an empty log appeared after the program had run, and the program displayed "The system cannot find the specified path" two times.

The system has been performing well. If you wouldn't mind, I would appreciate your advice on antivirus software. When the infection occurred, I was (and still am) running Norton Antivirus version 18.7.1.3. All my definitions were up to date. Is Norton Antivirus also a firewall? Do you think there's some product on the market that provides better protection than Norton? Many, many thanks.


#8 nasdaq


Posted 20 July 2012 - 09:50 AM

Your log is clean.

I use Norton 360 that comes with a Firewall.

Never had an infection. Not saying that I will never have one. Be careful when you visit unknown sites.

The main point is to keep it up to date; let the software check for new versions. Do not check it yourself. You may forget.

Install WOT - For Chrome
https://chrome.google.com/webstore/detail/bhmmomiinigofkjcapegjjndpbikblnp

For Firefox.
https://addons.mozilla.org/en-US/firefox/addon/wot-safe-browsing-tool/
===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#9 nasdaq


Posted 26 July 2012 - 09:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#10 nasdaq


Posted 04 August 2012 - 07:13 AM

Topic reopened.



