
Geek Squad said there are 117 Viruses


  • This topic is locked
93 replies to this topic

#1 mikako17

mikako17

  • Members
  • 58 posts

Posted 29 August 2012 - 12:08 AM

The problem started when my laptop randomly flashed blue, restarted and wasn't able to boot. I turned it off and when I turned it back on, it was able to boot. After a while it wasn't able to boot Windows at all. I brought it in to Geek Squad because I had a hardware warranty on the laptop and they were able to fix the booting problem, but they told me I had 117 viruses and that I would need to pay them to fix that. I decided to not go that route and try this route. So I am now running my laptop on Safe Mode with networking enabled. I tried to go through the Preparation Guide and got to the point where I run DDS, but it is not running, the small black window flashes for a second and then disappears. What should I do?

The laptop runs Windows Vista Home Premium and is a 64-bit Operating System.

Edited by mikako17, 29 August 2012 - 12:10 AM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,193 posts
  • Gender:Male
  • Location:California

Posted 01 September 2012 - 07:59 AM

Greetings mikako17 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. :thumbup2: If you prefer I call you something other than your screen name I would be pleased to do so.


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run the following for me.


===================================================


Farbar's Recovery Scan Tool

--------------------

I would like you to run Farbar's Recovery Scan Tool to check your Master Boot Record (MBR). For this you will need a USB flash drive and start on a clean computer.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC and we will enter the System Recovery Options one of the two following ways:

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • FSS.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 mikako17

mikako17
  • Topic Starter

  • Members
  • 58 posts

Posted 01 September 2012 - 11:41 AM

Hi Gary, thanks for helping me :) And here's the log:

Scan result of Farbar Recovery Scan Tool Version: 01-09-2012 01
Ran by SYSTEM at 01-09-2012 11:36:16
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [247808 2008-12-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [442368 2009-06-03] (IDT, Inc.)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\Guest\...\Run: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\Guest\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]
HKU\Guest\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Guest\...\Policies\system: [WallpaperStyle] 2
HKU\Maivboon\...\Run: [Google Update] "C:\Users\Maivboon\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-10-10] (Google Inc.)
HKU\Maivboon\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [288128 2012-05-28] (IObit)
HKU\Maivboon\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-19] (Valve Corporation)
HKU\Maivboon\...\Policies\system: [WallpaperStyle] 2
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

==================== Services (Whitelisted) ======

2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913792 2012-05-26] (IObit)
2 atashost; "C:\Windows\SysWOW64\atashost.exe" [20376 2009-03-06] (WebEx Communications, Inc.)
2 BESClient; "C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe" [4675992 2012-03-19] (IBM Corp.)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 niSvcLoc; C:\Windows\SysWOW64\nisvcloc.exe -s [13896 2009-06-04] (National Instruments Corporation)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe /s [177080 2012-01-12] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\diMaster.dll" /prefetch:1 [132984 2009-08-29] (Symantec Corporation)
2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2009-03-09] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe [239104 2009-06-03] (IDT, Inc.)
2 TVCapSvc; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [296320 2009-02-04] ()
2 TVSched; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [116104 2009-02-24] ()
2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

==================== Drivers (Whitelisted) ===================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120803.001\BHDrvx64.sys [1161376 2012-07-10] (Symantec Corporation)
1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-19] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-20] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120823.001\IDSvia64.sys [512672 2012-08-19] (Symantec Corporation)
3 msloop; C:\Windows\System32\DRIVERS\loop.sys [9216 2008-01-20] (Microsoft Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120823.032\ENG64.SYS [125600 2012-08-24] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120823.032\EX64.SYS [2084000 2012-08-24] (Symantec Corporation)
3 netr7364; C:\Windows\System32\DRIVERS\WUSB54GCx64.sys [320512 2007-03-12] (Ralink Technology Inc.)
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1308000.00E\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-24] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1308000.00E\SYMTDIV.SYS [445560 2012-04-17] (Symantec Corporation)
3 dump_wmimmc; \??\C:\Program Files (x86)\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x]
4 eabfiltr; [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 iscFlash; \??\C:\Users\Maivboon\AppData\Local\Temp\iscflashx64.sys [x]
3 NiRioRpc; [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 OpcEnum; [x]
3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-01 11:35 - 2012-09-01 11:35 - 00000000 ____D C:\FRST
2012-08-28 20:40 - 2012-08-28 20:40 - 00607260 ____R (Swearware) C:\Users\Maivboon\Desktop\dds.com
2012-08-28 20:36 - 2012-08-28 20:36 - 00000478 ____A C:\Users\Maivboon\Desktop\defogger_disable.log
2012-08-28 20:36 - 2012-08-28 20:36 - 00000000 ____A C:\Users\Maivboon\defogger_reenable
2012-08-28 17:43 - 2012-08-28 17:43 - 00050477 ____A C:\Users\Maivboon\Desktop\Defogger.exe
2012-08-28 17:32 - 2012-08-28 17:38 - 72352304 ____A (Microsoft Corporation) C:\Users\Maivboon\Downloads\msert.exe
2012-08-24 06:48 - 2012-08-24 06:48 - 00000034 ____A C:\Windows\setupact.log
2012-08-24 06:48 - 2012-08-24 06:48 - 00000000 ____A C:\Windows\setuperr.log
2012-08-20 14:32 - 2012-08-20 14:34 - 18776453 ____A C:\Users\Maivboon\Downloads\(C82) [CA.D.D (Kiriyama Machi)] Ryoshuu (Final Fantasy Tactics).zip
2012-08-20 14:29 - 2012-08-20 14:32 - 27043555 ____A C:\Users\Maivboon\Downloads\(C82) [Pish Lover (Amatake Akewo)] Majo Gari no Parade (English).rar
2012-08-20 14:01 - 2012-08-20 14:05 - 22046721 ____A C:\Users\Maivboon\Downloads\(C82) [Ruu Kikaku (Ruuen Rouga)] FARFALLA Tre =SW=.rar
2012-08-20 06:33 - 2012-08-20 06:37 - 00000000 ____D C:\Program Files (x86)\Eusing Free Registry Cleaner
2012-08-20 06:33 - 2012-08-20 06:33 - 00000892 ____A C:\Users\Guest\Desktop\Eusing Free Registry Cleaner.lnk
2012-08-20 06:32 - 2012-08-20 06:32 - 00977270 ____A C:\Users\Maivboon\Downloads\EFRCSetup.exe
2012-08-20 03:59 - 2012-06-27 20:10 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-20 03:59 - 2012-06-27 19:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-20 03:59 - 2012-06-27 19:28 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-20 03:59 - 2012-06-27 19:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-20 03:59 - 2012-06-27 19:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-20 03:59 - 2012-06-27 19:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-20 03:59 - 2012-06-27 19:19 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-20 03:59 - 2012-06-27 19:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-20 03:59 - 2012-06-27 19:16 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-20 03:59 - 2012-06-27 19:16 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-20 03:59 - 2012-06-27 19:14 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-20 03:59 - 2012-06-27 19:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-20 03:59 - 2012-06-27 19:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-20 03:59 - 2012-06-27 19:08 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-20 03:59 - 2012-06-27 16:50 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-20 03:59 - 2012-06-27 16:28 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-20 03:59 - 2012-06-27 16:27 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-20 03:59 - 2012-06-27 16:19 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-20 03:59 - 2012-06-27 16:18 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-20 03:59 - 2012-06-27 16:18 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-20 03:59 - 2012-06-27 16:16 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-20 03:59 - 2012-06-27 16:13 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-20 03:59 - 2012-06-27 16:12 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-20 03:59 - 2012-06-27 16:10 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-20 03:59 - 2012-06-27 16:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-20 03:59 - 2012-06-27 16:08 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-20 03:59 - 2012-06-27 16:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-20 03:59 - 2012-06-27 16:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-19 22:44 - 2012-08-19 22:44 - 00000000 ____D C:\Program Files\Microsoft ATS
2012-08-19 22:44 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-08-19 22:43 - 2012-08-19 22:43 - 00347424 ____A (Microsoft Corporation) C:\Users\Maivboon\Downloads\MicrosoftFixit.wu.MATSKB.Run.exe
2012-08-19 22:43 - 2012-06-04 07:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-08-19 22:43 - 2012-06-01 16:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-08-19 22:43 - 2012-06-01 16:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-08-19 22:43 - 2012-06-01 16:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-08-19 22:43 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-08-19 21:25 - 2012-07-04 06:33 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-19 21:14 - 2012-08-19 21:14 - 00000316 ____A C:\Windows\PFRO.log
2012-08-19 21:07 - 2012-08-19 21:07 - 00000000 ____D C:\a18c476f78e97c8caf17
2012-08-19 21:04 - 2012-08-19 21:04 - 00000000 ____D C:\03fe9c998ec1445c21a9116c
2012-08-19 20:53 - 2012-08-19 20:53 - 00000493 ____A C:\Users\Maivboon\Desktop\Stanford Stuff.lnk
2012-08-19 20:50 - 2012-08-19 20:53 - 00000000 ____D C:\Users\Maivboon\My Documents\Comp Stuff
2012-08-19 20:50 - 2012-08-19 20:53 - 00000000 ____D C:\Users\Maivboon\Documents\Comp Stuff
2012-08-19 20:38 - 2012-08-19 20:38 - 00001050 ____A C:\Users\Maivboon\Downloads\sessions.txt
2012-08-19 20:25 - 2012-08-19 20:25 - 00000000 ____D C:\Users\All Users\Mozilla
2012-08-19 20:25 - 2012-08-19 20:25 - 00000000 ____D C:\Users\All Users\Application Data\Mozilla
2012-08-19 20:24 - 2012-08-19 20:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-08-19 20:05 - 2012-08-19 20:13 - 32708320 ____A (Google Inc.) C:\Users\Maivboon\Downloads\ChromeStandaloneSetup.exe
2012-08-19 19:45 - 2012-05-11 08:34 - 00788480 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-19 19:45 - 2012-05-11 07:57 - 00623616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\localspl.dll
2012-08-19 19:40 - 2012-08-19 19:40 - 00002184 ____A C:\{4442B913-F257-4064-825B-18FB22F98086}
2012-08-19 19:16 - 2012-06-29 08:20 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-19 19:16 - 2012-06-29 08:01 - 00467968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-19 19:14 - 2012-06-08 09:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-08-19 19:14 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-08-19 19:14 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-08-19 19:14 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-08-19 19:14 - 2012-06-05 08:22 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-08-19 19:14 - 2012-06-05 08:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-08-08 04:13 - 2012-08-08 04:11 - 00131072 ____A C:\Windows\System32\config\SAM (1).gsbackup

==================== 3 Months Modified Files ================================

2012-08-28 21:10 - 2010-01-07 17:17 - 00007460 ____A C:\Users\Maivboon\Local Settings\d3d9caps64.dat
2012-08-28 21:10 - 2010-01-07 17:17 - 00007460 ____A C:\Users\Maivboon\Local Settings\Application Data\d3d9caps64.dat
2012-08-28 21:10 - 2010-01-07 17:17 - 00007460 ____A C:\Users\Maivboon\AppData\Local\d3d9caps64.dat
2012-08-28 20:40 - 2012-08-28 20:40 - 00607260 ____R (Swearware) C:\Users\Maivboon\Desktop\dds.com
2012-08-28 20:36 - 2012-08-28 20:36 - 00000478 ____A C:\Users\Maivboon\Desktop\defogger_disable.log
2012-08-28 20:36 - 2012-08-28 20:36 - 00000000 ____A C:\Users\Maivboon\defogger_reenable
2012-08-28 17:43 - 2012-08-28 17:43 - 00050477 ____A C:\Users\Maivboon\Desktop\Defogger.exe
2012-08-28 17:40 - 2009-09-14 17:03 - 00006756 ____A C:\Users\Maivboon\Local Settings\d3d9caps.dat
2012-08-28 17:40 - 2009-09-14 17:03 - 00006756 ____A C:\Users\Maivboon\Local Settings\Application Data\d3d9caps.dat
2012-08-28 17:40 - 2009-09-14 17:03 - 00006756 ____A C:\Users\Maivboon\AppData\Local\d3d9caps.dat
2012-08-28 17:38 - 2012-08-28 17:32 - 72352304 ____A (Microsoft Corporation) C:\Users\Maivboon\Downloads\msert.exe
2012-08-28 13:36 - 2009-05-31 20:33 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-08-28 13:36 - 2006-11-02 07:42 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-28 13:36 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-28 13:35 - 2006-11-02 07:22 - 00003344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-28 13:35 - 2006-11-02 07:22 - 00003344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-25 05:15 - 2009-09-04 15:48 - 00000244 ____A C:\Windows\Tasks\PersonalAV.job
2012-08-24 07:50 - 2009-08-17 20:05 - 02039446 ____A C:\Windows\WindowsUpdate.log
2012-08-24 07:26 - 2012-04-13 14:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-24 07:00 - 2010-01-29 18:08 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-24 06:58 - 2009-10-10 10:01 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-577457521-1064095309-926075012-1000UA.job
2012-08-24 06:48 - 2012-08-24 06:48 - 00000034 ____A C:\Windows\setupact.log
2012-08-24 06:48 - 2012-08-24 06:48 - 00000000 ____A C:\Windows\setuperr.log
2012-08-24 06:23 - 2010-01-29 18:08 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-23 19:15 - 2009-10-10 10:01 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-577457521-1064095309-926075012-1000Core.job
2012-08-21 08:40 - 2006-11-02 04:46 - 00793970 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-20 14:34 - 2012-08-20 14:32 - 18776453 ____A C:\Users\Maivboon\Downloads\(C82) [CA.D.D (Kiriyama Machi)] Ryoshuu (Final Fantasy Tactics).zip
2012-08-20 14:32 - 2012-08-20 14:29 - 27043555 ____A C:\Users\Maivboon\Downloads\(C82) [Pish Lover (Amatake Akewo)] Majo Gari no Parade (English).rar
2012-08-20 14:05 - 2012-08-20 14:01 - 22046721 ____A C:\Users\Maivboon\Downloads\(C82) [Ruu Kikaku (Ruuen Rouga)] FARFALLA Tre =SW=.rar
2012-08-20 11:29 - 2012-02-21 20:30 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForMaivboon.job
2012-08-20 06:33 - 2012-08-20 06:33 - 00000892 ____A C:\Users\Guest\Desktop\Eusing Free Registry Cleaner.lnk
2012-08-20 06:32 - 2012-08-20 06:32 - 00977270 ____A C:\Users\Maivboon\Downloads\EFRCSetup.exe
2012-08-19 22:43 - 2012-08-19 22:43 - 00347424 ____A (Microsoft Corporation) C:\Users\Maivboon\Downloads\MicrosoftFixit.wu.MATSKB.Run.exe
2012-08-19 21:48 - 2006-11-02 07:21 - 00337864 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-19 21:14 - 2012-08-19 21:14 - 00000316 ____A C:\Windows\PFRO.log
2012-08-19 20:53 - 2012-08-19 20:53 - 00000493 ____A C:\Users\Maivboon\Desktop\Stanford Stuff.lnk
2012-08-19 20:38 - 2012-08-19 20:38 - 00001050 ____A C:\Users\Maivboon\Downloads\sessions.txt
2012-08-19 20:13 - 2012-08-19 20:05 - 32708320 ____A (Google Inc.) C:\Users\Maivboon\Downloads\ChromeStandaloneSetup.exe
2012-08-19 19:40 - 2012-08-19 19:40 - 00002184 ____A C:\{4442B913-F257-4064-825B-18FB22F98086}
2012-08-19 19:28 - 2012-04-13 14:00 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-19 19:28 - 2011-05-13 14:41 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-08 04:11 - 2012-08-08 04:13 - 00131072 ____A C:\Windows\System32\config\SAM (1).gsbackup
2012-08-03 01:27 - 2006-11-02 04:35 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-26 08:48 - 2012-07-26 08:48 - 56283136 ____A C:\Windows\System32\config\components.iobit
2012-07-26 08:48 - 2012-07-26 08:48 - 00524288 ____A C:\Windows\System32\config\default.iobit
2012-07-26 08:48 - 2012-07-26 08:48 - 00131072 ____A C:\Windows\System32\config\sam.iobit
2012-07-26 08:48 - 2012-07-26 08:47 - 16916480 ____A C:\Windows\System32\config\system.iobit
2012-07-26 08:47 - 2012-07-26 08:47 - 95088640 ____A C:\Windows\System32\config\software.iobit
2012-07-26 08:47 - 2012-07-26 08:47 - 00028672 ____A C:\Windows\System32\config\security.iobit
2012-07-25 10:23 - 2009-09-30 10:39 - 00083456 ____A C:\Users\Maivboon\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-25 10:23 - 2009-09-30 10:39 - 00083456 ____A C:\Users\Maivboon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-25 10:23 - 2009-09-30 10:39 - 00083456 ____A C:\Users\Maivboon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-25 09:47 - 2006-11-02 04:33 - 95088640 ____A C:\Windows\System32\config\software_previous
2012-07-25 09:47 - 2006-11-02 04:33 - 56619008 ____A C:\Windows\System32\config\components_previous
2012-07-25 09:47 - 2006-11-02 04:33 - 25690112 ____A C:\Windows\System32\config\system_previous
2012-07-25 09:47 - 2006-11-02 04:33 - 00786432 ____A C:\Windows\System32\config\default_previous
2012-07-25 09:47 - 2006-11-02 04:33 - 00131072 ____A C:\Windows\System32\config\sam_previous
2012-07-25 09:47 - 2006-11-02 04:33 - 00028672 ____A C:\Windows\System32\config\security_previous
2012-07-23 18:10 - 2012-07-23 18:10 - 00002865 ____A C:\Users\Maivboon\.recently-used.xbel
2012-07-10 16:21 - 2012-07-10 16:12 - 20519086 ____A C:\Users\Maivboon\Downloads\Reimei_no_Arcana_v08_ch29_[EF].rar
2012-07-10 16:20 - 2012-07-10 16:12 - 17191789 ____A C:\Users\Maivboon\Downloads\Reimei_no_Arcana_v08_ch30_[EF].rar
2012-07-09 07:40 - 2012-07-09 07:38 - 14924006 ____A C:\Users\Maivboon\Downloads\[Cannabis] SokuHame bleepinpo (Japanese) [Trap-Heaven.com].zip
2012-07-09 06:54 - 2012-07-09 06:41 - 86035123 ____A C:\Users\Maivboon\Downloads\Yakusoku Siren ch1-6 (complete) [Ii Shan Ten].zip
2012-07-08 12:33 - 2012-07-08 12:32 - 06146119 ____A C:\Users\Maivboon\Downloads\Proofer_test_[Easy_Going]_HTN224.rar
2012-07-07 14:18 - 2012-07-07 14:17 - 09813480 ____A C:\Users\Maivboon\Downloads\kh66[tateami].zip
2012-07-07 14:16 - 2012-07-07 14:14 - 07819432 ____A C:\Users\Maivboon\Downloads\kh65.zip
2012-07-07 14:13 - 2012-07-07 14:11 - 09521931 ____A C:\Users\Maivboon\Downloads\kh64_tateami.zip
2012-07-04 06:33 - 2012-08-19 21:25 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-29 08:20 - 2012-08-19 19:16 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-06-29 08:01 - 2012-08-19 19:16 - 00467968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-06-27 20:10 - 2012-08-20 03:59 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-27 19:39 - 2012-08-20 03:59 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-27 19:28 - 2012-08-20 03:59 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-27 19:22 - 2012-08-20 03:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-27 19:21 - 2012-08-20 03:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-27 19:20 - 2012-08-20 03:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-27 19:19 - 2012-08-20 03:59 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-27 19:17 - 2012-08-20 03:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-27 19:16 - 2012-08-20 03:59 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-27 19:16 - 2012-08-20 03:59 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-27 19:14 - 2012-08-20 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-27 19:13 - 2012-08-20 03:59 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-27 19:12 - 2012-08-20 03:59 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-27 19:08 - 2012-08-20 03:59 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-27 16:50 - 2012-08-20 03:59 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-27 16:28 - 2012-08-20 03:59 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-27 16:27 - 2012-08-20 03:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-27 16:19 - 2012-08-20 03:59 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-27 16:18 - 2012-08-20 03:59 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-27 16:18 - 2012-08-20 03:59 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-27 16:16 - 2012-08-20 03:59 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-27 16:13 - 2012-08-20 03:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-27 16:12 - 2012-08-20 03:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-27 16:10 - 2012-08-20 03:59 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-27 16:08 - 2012-08-20 03:59 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-27 16:08 - 2012-08-20 03:59 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-27 16:07 - 2012-08-20 03:59 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-27 16:04 - 2012-08-20 03:59 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-26 18:59 - 2012-06-26 18:59 - 03504109 ____A C:\Users\Maivboon\Downloads\music-challenge-assets.zip
2012-06-24 06:03 - 2009-10-31 13:44 - 00000468 ____A C:\Windows\Tasks\Driver Robot.job
2012-06-17 19:24 - 2012-06-17 19:24 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-17 19:24 - 2012-06-17 19:24 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-11 22:34 - 2012-06-11 22:34 - 00001348 ____A C:\Users\Maivboon\Downloads\delivery (1)
2012-06-08 12:13 - 2012-06-08 12:10 - 155648377 ____A C:\Users\Maivboon\Downloads\Psychonauts_MP3_Soundtracks.zip
2012-06-08 12:13 - 2012-06-08 12:10 - 155611809 ____A C:\Users\Maivboon\Downloads\Jim_Guthrie_Sword_and_Sworcery_LP_MP3.zip
2012-06-08 12:12 - 2012-06-08 12:10 - 68204273 ____A C:\Users\Maivboon\Downloads\AmnesiaOST_MP3.zip
2012-06-08 12:11 - 2012-06-08 12:10 - 26441053 ____A C:\Users\Maivboon\Downloads\Limbo_Soundtrack_MP3.zip
2012-06-08 09:59 - 2012-08-19 19:14 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 09:47 - 2012-08-19 19:14 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 05:09 - 2012-01-16 15:13 - 00581168 ____A C:\Users\Maivboon\Local Settings\dd_dotnetfx35install.txt
2012-06-08 05:09 - 2012-01-16 15:13 - 00581168 ____A C:\Users\Maivboon\Local Settings\Application Data\dd_dotnetfx35install.txt
2012-06-08 05:09 - 2012-01-16 15:13 - 00581168 ____A C:\Users\Maivboon\AppData\Local\dd_dotnetfx35install.txt
2012-06-08 05:09 - 2012-01-16 15:13 - 00530414 ____A C:\Users\Maivboon\Local Settings\dd_depcheck_NETFX_EXP_35.txt
2012-06-08 05:09 - 2012-01-16 15:13 - 00530414 ____A C:\Users\Maivboon\Local Settings\Application Data\dd_depcheck_NETFX_EXP_35.txt
2012-06-08 05:09 - 2012-01-16 15:13 - 00530414 ____A C:\Users\Maivboon\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2012-06-08 05:04 - 2012-06-08 04:59 - 149648323 ____A C:\Users\Maivboon\Downloads\Supergiant_Games_Bastion_Original_Soundtrack_MP3.zip
2012-06-08 04:46 - 2012-06-08 04:46 - 01606656 ____A C:\Users\Maivboon\Downloads\SteamInstall.msi
2012-06-06 17:59 - 2012-06-06 17:59 - 01070152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-06-05 08:47 - 2012-08-19 19:14 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 08:47 - 2012-08-19 19:14 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 08:22 - 2012-08-19 19:14 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 08:22 - 2012-08-19 19:14 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-04 07:29 - 2012-08-19 22:43 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3998.02 MB
Available physical RAM: 3294.3 MB
Total Pagefile: 3677 MB
Available Pagefile: 3274.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:286.41 GB) (Free:132.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:11.68 GB) (Free:1.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (TSB USB DRV) (Removable) (Total:3.61 GB) (Free:3.6 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 3701 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 286 GB 1024 KB
Partition 2 Primary 12 GB 286 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 286 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D RECOVERY NTFS Partition 12 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3697 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F TSB USB DRV FAT32 Removable 3697 MB Healthy

==================================================================================

Last Boot: 2012-08-29 14:01

==================== End Of Log =============================

#4 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 38,193 posts
  • Gender:Male
  • Location:California

Posted 01 September 2012 - 02:32 PM

Greetings mikako17,

thanks for helping me :)

My pleasure!

Thank you for the information. I would like to try to isolate the file that is giving us problems when you try to boot into Normal Mode.

Please perform the following.


===================================================


Enabling Boot Logging and Providing Results

--------------------

  • Restart your computer and gently tap the F8 key to get into the Advanced Options Menu
  • Arrow down to Enabling Boot Logging and then press the Enter key
  • Select your Operating System and press Enter
  • If you are unable to boot into Normal Mode reboot into Safe Mode
  • Press the Windows key + r on your keyboard at the same time
  • Type %WinDir%\ntbtlog.txt and press Enter
  • A Notepad document will open on your desktop
  • Copy and paste the contents of that document in your reply

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • ntbtlog.txt

Edited by Oh My, 01 September 2012 - 02:45 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 mikako17
  • Topic Starter
  • Members
  • 58 posts

Posted 01 September 2012 - 04:29 PM

Here's the first part of the next log; it wouldn't let me post it as one because it was too long. The log is attached at the end if you don't want to look at multiple posts :)


Consolidated in attached zip file

Oh My!

Edited by Oh My, 01 September 2012 - 06:05 PM.


#6 mikako17

Posted 01 September 2012 - 04:43 PM

Here's the attached log just in case you don't want to look at multiple posts. It's compressed because it's too big to attach.

Attached file: ntbtlog.zip (25.83 KB, 5 downloads)

#7 Oh My!

Posted 01 September 2012 - 07:26 PM

Greetings mikako17,

Sorry about the length of the post. I cleaned it up and left the zip file which I greatly appreciate you attaching. :thumbup2:

Do you have a way to reinstall Symantec in case we need to uninstall it?

Please do this.


===================================================


Run TDSSKiller by Kaspersky on Vista/7

--------------------

  • Boot into Safe Mode
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis. Please submit these results with your next reply.


===================================================


BlueScreenView

----------

  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply

More information about the program can be found here


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • BSOD.txt

Gary
 

#8 mikako17

Posted 01 September 2012 - 08:30 PM

Just for clarification, should I boot into Safe Mode with Networking to download TDSS and BlueScreen and then boot again into Safe Mode to run them, or just run them in Safe Mode with Networking? And yes, I still have the product key for Symantec, so I should be able to download it and re-install it with that.

#9 Oh My!

Posted 01 September 2012 - 08:34 PM

Greetings mikako17,

Just boot into Safe Mode and do everything.

Gary
 

#10 mikako17

Posted 02 September 2012 - 01:00 AM

Here's the log for TDSS. The BlueScreen scan didn't turn up anything, so I couldn't Save Selected because there was nothing to select.


00:47:14.0888 0696 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
00:47:15.0044 0696 ============================================================
00:47:15.0044 0696 Current date / time: 2012/09/02 00:47:15.0044
00:47:15.0044 0696 SystemInfo:
00:47:15.0044 0696
00:47:15.0044 0696 OS Version: 6.0.6002 ServicePack: 2.0
00:47:15.0044 0696 Product type: Workstation
00:47:15.0044 0696 ComputerName: FIRST
00:47:15.0044 0696 UserName: Maivboon
00:47:15.0044 0696 Windows directory: C:\Windows
00:47:15.0044 0696 System windows directory: C:\Windows
00:47:15.0044 0696 Running under WOW64
00:47:15.0044 0696 Processor architecture: Intel x64
00:47:15.0044 0696 Number of processors: 2
00:47:15.0044 0696 Page size: 0x1000
00:47:15.0044 0696 Boot type: Safe boot
00:47:15.0044 0696 ============================================================
00:47:19.0302 0696 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:47:19.0302 0696 ============================================================
00:47:19.0302 0696 \Device\Harddisk0\DR0:
00:47:19.0302 0696 MBR partitions:
00:47:19.0302 0696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x23CCF800
00:47:19.0302 0696 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23CD0000, BlocksNum 0x175D000
00:47:19.0302 0696 ============================================================
00:47:19.0318 0696 C: <-> \Device\Harddisk0\DR0\Partition1
00:47:19.0365 0696 D: <-> \Device\Harddisk0\DR0\Partition2
00:47:19.0365 0696 ============================================================
00:47:19.0365 0696 Initialize success
00:47:19.0365 0696 ============================================================
00:49:48.0501 0964 ============================================================
00:49:48.0501 0964 Scan started
00:49:48.0501 0964 Mode: Manual;
00:49:48.0501 0964 ============================================================
00:49:49.0312 0964 ================ Scan system memory ========================
00:49:49.0312 0964 System memory - ok
00:49:49.0312 0964 ================ Scan services =============================
00:49:49.0468 0964 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
00:49:49.0468 0964 Accelerometer - ok
00:49:49.0515 0964 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
00:49:49.0515 0964 ACPI - ok
00:49:49.0577 0964 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:49:49.0577 0964 AdobeARMservice - ok
00:49:49.0671 0964 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:49:49.0686 0964 AdobeFlashPlayerUpdateSvc - ok
00:49:49.0733 0964 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
00:49:49.0733 0964 adp94xx - ok
00:49:49.0749 0964 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
00:49:49.0764 0964 adpahci - ok
00:49:49.0780 0964 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
00:49:49.0780 0964 adpu160m - ok
00:49:49.0811 0964 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
00:49:49.0811 0964 adpu320 - ok
00:49:49.0905 0964 [ 96D6CDD0B32846E8CFBE592F4F32E608 ] AdvancedSystemCareService5 C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
00:49:49.0920 0964 AdvancedSystemCareService5 - ok
00:49:49.0936 0964 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:49:49.0936 0964 AeLookupSvc - ok
00:49:49.0967 0964 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
00:49:49.0967 0964 AFD - ok
00:49:50.0030 0964 [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
00:49:50.0030 0964 AgereModemAudio - ok
00:49:50.0061 0964 [ C98356D813B581E9C425B42A5D146CE0 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
00:49:50.0076 0964 AgereSoftModem - ok
00:49:50.0108 0964 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
00:49:50.0108 0964 agp440 - ok
00:49:50.0123 0964 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
00:49:50.0123 0964 aic78xx - ok
00:49:50.0139 0964 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
00:49:50.0154 0964 ALG - ok
00:49:50.0154 0964 [ E0CA5BB8E6C79533DC6B1DA7361A201E ] aliide C:\Windows\system32\drivers\aliide.sys
00:49:50.0154 0964 aliide - ok
00:49:50.0170 0964 [ 7034F8D1B9703D711D3F92C95DEB377D ] amdide C:\Windows\system32\drivers\amdide.sys
00:49:50.0170 0964 amdide - ok
00:49:50.0186 0964 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
00:49:50.0201 0964 AmdK8 - ok
00:49:50.0217 0964 [ 69D882157E5E4D17D32E30182F945046 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
00:49:50.0217 0964 ApfiltrService - ok
00:49:50.0232 0964 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
00:49:50.0232 0964 Appinfo - ok
00:49:50.0310 0964 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:49:50.0310 0964 Apple Mobile Device - ok
00:49:50.0342 0964 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
00:49:50.0342 0964 arc - ok
00:49:50.0357 0964 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
00:49:50.0357 0964 arcsas - ok
00:49:50.0373 0964 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:49:50.0373 0964 AsyncMac - ok
00:49:50.0404 0964 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
00:49:50.0404 0964 atapi - ok
00:49:50.0451 0964 [ 40767B965A8D575D794F1F95E2E017E9 ] atashost C:\Windows\SysWOW64\atashost.exe
00:49:50.0451 0964 atashost - ok
00:49:50.0482 0964 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:49:50.0498 0964 AudioEndpointBuilder - ok
00:49:50.0513 0964 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
00:49:50.0513 0964 AudioSrv - ok
00:49:50.0607 0964 [ E046CB1958CEBFFF7866E56588B10FC1 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
00:49:50.0654 0964 BCM43XX - ok
00:49:50.0794 0964 [ CBDC51C584FD4A6BBD06727D82A11428 ] BESClient C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
00:49:50.0872 0964 BESClient - ok
00:49:50.0919 0964 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
00:49:50.0934 0964 BFE - ok
00:49:51.0044 0964 [ C8AB71A5102D0FC103F6DFC750005137 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120803.001\BHDrvx64.sys
00:49:51.0168 0964 BHDrvx64 - ok
00:49:51.0215 0964 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
00:49:51.0371 0964 BITS - ok
00:49:51.0387 0964 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
00:49:51.0387 0964 blbdrive - ok
00:49:51.0434 0964 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
00:49:51.0434 0964 Bonjour Service - ok
00:49:51.0465 0964 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:49:51.0480 0964 bowser - ok
00:49:51.0480 0964 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
00:49:51.0496 0964 BrFiltLo - ok
00:49:51.0512 0964 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
00:49:51.0512 0964 BrFiltUp - ok
00:49:51.0527 0964 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
00:49:51.0527 0964 Browser - ok
00:49:51.0558 0964 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
00:49:51.0558 0964 Brserid - ok
00:49:51.0574 0964 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
00:49:51.0574 0964 BrSerWdm - ok
00:49:51.0574 0964 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
00:49:51.0590 0964 BrUsbMdm - ok
00:49:51.0605 0964 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
00:49:51.0605 0964 BrUsbSer - ok
00:49:51.0621 0964 [ 471FF09330A53177BBE9FD6DDF8A8259 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
00:49:51.0621 0964 BthEnum - ok
00:49:51.0652 0964 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
00:49:51.0652 0964 BTHMODEM - ok
00:49:51.0668 0964 [ BEFC5311736B475AC5B60C14FF7C775A ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
00:49:51.0668 0964 BthPan - ok
00:49:51.0699 0964 [ 7D104F22C04A76F0D2F96F789AC07FCB ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
00:49:51.0714 0964 BTHPORT - ok
00:49:51.0746 0964 [ 22E65FFD640F16968F855F5B3528D366 ] BthServ C:\Windows\System32\bthserv.dll
00:49:51.0746 0964 BthServ - ok
00:49:51.0761 0964 [ D9324F0C142267961CE900BFC3798BB1 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
00:49:51.0761 0964 BTHUSB - ok
00:49:51.0808 0964 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys
00:49:51.0808 0964 ccSet_NIS - ok
00:49:51.0839 0964 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:49:51.0839 0964 cdfs - ok
00:49:51.0870 0964 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
00:49:51.0886 0964 cdrom - ok
00:49:51.0902 0964 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
00:49:51.0917 0964 CertPropSvc - ok
00:49:51.0917 0964 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
00:49:51.0917 0964 circlass - ok
00:49:51.0964 0964 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
00:49:51.0964 0964 CLFS - ok
00:49:52.0026 0964 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:49:52.0042 0964 clr_optimization_v2.0.50727_32 - ok
00:49:52.0073 0964 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:49:52.0089 0964 clr_optimization_v2.0.50727_64 - ok
00:49:52.0151 0964 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:49:52.0260 0964 clr_optimization_v4.0.30319_32 - ok
00:49:52.0292 0964 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:49:52.0385 0964 clr_optimization_v4.0.30319_64 - ok
00:49:52.0401 0964 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:49:52.0401 0964 CmBatt - ok
00:49:52.0416 0964 [ 8C6AA24C1D7273A02284588426AB8CE3 ] cmdide C:\Windows\system32\drivers\cmdide.sys
00:49:52.0416 0964 cmdide - ok
00:49:52.0479 0964 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
00:49:52.0479 0964 Com4QLBEx - ok
00:49:52.0510 0964 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:49:52.0510 0964 Compbatt - ok
00:49:52.0510 0964 COMSysApp - ok
00:49:52.0526 0964 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
00:49:52.0526 0964 crcdisk - ok
00:49:52.0572 0964 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:49:52.0572 0964 CryptSvc - ok
00:49:52.0635 0964 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
00:49:52.0666 0964 DcomLaunch - ok
00:49:52.0682 0964 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:49:52.0697 0964 DfsC - ok
00:49:52.0775 0964 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
00:49:52.0853 0964 DFSR - ok
00:49:52.0900 0964 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
00:49:52.0900 0964 Dhcp - ok
00:49:52.0931 0964 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
00:49:52.0931 0964 disk - ok
00:49:52.0962 0964 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:49:52.0962 0964 Dnscache - ok
00:49:52.0994 0964 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
00:49:52.0994 0964 dot3svc - ok
00:49:53.0025 0964 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
00:49:53.0025 0964 DPS - ok
00:49:53.0040 0964 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:49:53.0056 0964 drmkaud - ok
00:49:53.0056 0964 dump_wmimmc - ok
00:49:53.0087 0964 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:49:53.0118 0964 DXGKrnl - ok
00:49:53.0150 0964 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
00:49:53.0150 0964 E1G60 - ok
00:49:53.0181 0964 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
00:49:53.0181 0964 EapHost - ok
00:49:53.0212 0964 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
00:49:53.0228 0964 Ecache - ok
00:49:53.0306 0964 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
00:49:53.0306 0964 eeCtrl - ok
00:49:53.0368 0964 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:49:53.0384 0964 ehRecvr - ok
00:49:53.0399 0964 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
00:49:53.0399 0964 ehSched - ok
00:49:53.0415 0964 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
00:49:53.0415 0964 ehstart - ok
00:49:53.0430 0964 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
00:49:53.0446 0964 elxstor - ok
00:49:53.0477 0964 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
00:49:53.0493 0964 EMDMgmt - ok
00:49:53.0524 0964 [ CD0C80E5E9A9BF8DD145F43713D77993 ] enecir C:\Windows\system32\DRIVERS\enecir.sys
00:49:53.0524 0964 enecir - ok
00:49:53.0571 0964 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:49:53.0571 0964 EraserUtilRebootDrv - ok
00:49:53.0586 0964 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
00:49:53.0586 0964 ErrDev - ok
00:49:53.0649 0964 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
00:49:53.0649 0964 EventSystem - ok
00:49:53.0680 0964 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
00:49:53.0696 0964 exfat - ok
00:49:53.0727 0964 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:49:53.0742 0964 fastfat - ok
00:49:53.0774 0964 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:49:53.0774 0964 fdc - ok
00:49:53.0789 0964 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
00:49:53.0789 0964 fdPHost - ok
00:49:53.0820 0964 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
00:49:53.0820 0964 FDResPub - ok
00:49:53.0836 0964 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:49:53.0836 0964 FileInfo - ok
00:49:53.0836 0964 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:49:53.0852 0964 Filetrace - ok
00:49:53.0883 0964 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:49:53.0898 0964 FLEXnet Licensing Service - ok
00:49:53.0976 0964 [ 259DC094E2D3F08654C8FB73D8ECC0F5 ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
00:49:53.0992 0964 FLEXnet Licensing Service 64 - ok
00:49:54.0023 0964 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:49:54.0023 0964 flpydisk - ok
00:49:54.0070 0964 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:49:54.0070 0964 FltMgr - ok
00:49:54.0132 0964 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
00:49:54.0164 0964 FontCache - ok
00:49:54.0210 0964 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:49:54.0210 0964 FontCache3.0.0.0 - ok
00:49:54.0242 0964 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
00:49:54.0257 0964 fssfltr - ok
00:49:54.0335 0964 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
00:49:54.0382 0964 fsssvc - ok
00:49:54.0413 0964 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:49:54.0413 0964 Fs_Rec - ok
00:49:54.0460 0964 [ 7442BCA60ED46CC31C2F39728BBDD9AD ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys
00:49:54.0460 0964 FTDIBUS - ok
00:49:54.0491 0964 [ 121AF3148CDDA212CFFBC4F6240699C2 ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys
00:49:54.0491 0964 FTSER2K - ok
00:49:54.0522 0964 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
00:49:54.0522 0964 gagp30kx - ok
00:49:54.0554 0964 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:49:54.0554 0964 GEARAspiWDM - ok
00:49:54.0600 0964 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
00:49:54.0632 0964 gpsvc - ok
00:49:54.0694 0964 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:49:54.0694 0964 gupdate - ok
00:49:54.0710 0964 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:49:54.0710 0964 gupdatem - ok
00:49:54.0741 0964 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:49:54.0741 0964 HdAudAddService - ok
00:49:54.0788 0964 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
00:49:54.0819 0964 HDAudBus - ok
00:49:54.0834 0964 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
00:49:54.0834 0964 HidBth - ok
00:49:54.0866 0964 [ 5F47839455D01FF6403B008D481A6F5B ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
00:49:54.0866 0964 HidIr - ok
00:49:54.0897 0964 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
00:49:54.0912 0964 hidserv - ok
00:49:54.0928 0964 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:49:54.0928 0964 HidUsb - ok
00:49:54.0959 0964 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
00:49:54.0959 0964 hkmsvc - ok
00:49:54.0990 0964 HP Health Check Service - ok
00:49:55.0006 0964 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
00:49:55.0006 0964 HpCISSs - ok
00:49:55.0037 0964 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
00:49:55.0037 0964 hpdskflt - ok
00:49:55.0068 0964 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
00:49:55.0068 0964 HpqKbFiltr - ok
00:49:55.0115 0964 [ 640E51DB253265C3EAC075866B3D2B33 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
00:49:55.0131 0964 hpqwmiex - ok
00:49:55.0178 0964 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
00:49:55.0178 0964 hpsrv - ok
00:49:55.0209 0964 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:49:55.0240 0964 HTTP - ok
00:49:55.0256 0964 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
00:49:55.0256 0964 i2omp - ok
00:49:55.0271 0964 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
00:49:55.0271 0964 i8042prt - ok
00:49:55.0287 0964 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
00:49:55.0287 0964 iaStorV - ok
00:49:55.0334 0964 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
00:49:55.0334 0964 IDriverT - ok
00:49:55.0396 0964 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:49:55.0427 0964 idsvc - ok
00:49:55.0505 0964 [ 82AB40147567DE48C405AFE570A2266F ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120823.001\IDSvia64.sys
00:49:55.0536 0964 IDSVia64 - ok
00:49:55.0708 0964 [ 7B0A679638E9380C0D8D42C7D43F8169 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
00:49:55.0848 0964 igfx - ok
00:49:55.0880 0964 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
00:49:55.0880 0964 iirsp - ok
00:49:55.0926 0964 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
00:49:55.0942 0964 IKEEXT - ok
00:49:55.0958 0964 [ C7C9720A5B0FD2B974FC4F72E405204B ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
00:49:55.0958 0964 IntcHdmiAddService - ok
00:49:55.0973 0964 [ 475490CAF376E55E6E8B37BBDFEB2E81 ] intelide C:\Windows\system32\drivers\intelide.sys
00:49:55.0973 0964 intelide - ok
00:49:55.0989 0964 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:49:55.0989 0964 intelppm - ok
00:49:56.0004 0964 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:49:56.0020 0964 IPBusEnum - ok
00:49:56.0051 0964 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:49:56.0051 0964 IpFilterDriver - ok
00:49:56.0082 0964 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
00:49:56.0082 0964 iphlpsvc - ok
00:49:56.0098 0964 IpInIp - ok
00:49:56.0129 0964 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
00:49:56.0129 0964 IPMIDRV - ok
00:49:56.0145 0964 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
00:49:56.0145 0964 IPNAT - ok
00:49:56.0207 0964 [ D38469601B72D2DA4F847FC642174E21 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
00:49:56.0223 0964 iPod Service - ok
00:49:56.0238 0964 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:49:56.0238 0964 IRENUM - ok
00:49:56.0270 0964 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
00:49:56.0270 0964 isapnp - ok
00:49:56.0894 0964 iscFlash - ok
00:49:57.0003 0964 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
00:49:57.0003 0964 iScsiPrt - ok
00:49:57.0034 0964 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
00:49:57.0034 0964 iteatapi - ok
00:49:57.0050 0964 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
00:49:57.0050 0964 iteraid - ok
00:49:57.0065 0964 [ B33736B29D70DBD275B099BCD4F5C1BA ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
00:49:57.0065 0964 JMCR - ok
00:49:57.0096 0964 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
00:49:57.0096 0964 kbdclass - ok
00:49:57.0128 0964 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
00:49:57.0128 0964 kbdhid - ok
00:49:57.0159 0964 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
00:49:57.0174 0964 KeyIso - ok
00:49:57.0206 0964 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:49:57.0221 0964 KSecDD - ok
00:49:57.0237 0964 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
00:49:57.0237 0964 ksthunk - ok
00:49:57.0268 0964 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
00:49:57.0268 0964 KtmRm - ok
00:49:57.0315 0964 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
00:49:57.0346 0964 LanmanServer - ok
00:49:57.0377 0964 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:49:57.0393 0964 LanmanWorkstation - ok
00:49:57.0471 0964 [ 88E52495B47C67126B510AF53FDB0BC7 ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
00:49:57.0471 0964 LBTServ - ok
00:49:57.0486 0964 [ B6552D382FF070B4ED34CBD6737277C0 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
00:49:57.0486 0964 LHidFilt - ok
00:49:57.0518 0964 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:49:57.0518 0964 lltdio - ok
00:49:57.0549 0964 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:49:57.0549 0964 lltdsvc - ok
00:49:57.0580 0964 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:49:57.0580 0964 lmhosts - ok
00:49:57.0611 0964 [ 73C1F563AB73D459DFFE682D66476558 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
00:49:57.0611 0964 LMouFilt - ok
00:49:57.0642 0964 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
00:49:57.0642 0964 LSI_FC - ok
00:49:57.0658 0964 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
00:49:57.0658 0964 LSI_SAS - ok
00:49:57.0658 0964 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
00:49:57.0658 0964 LSI_SCSI - ok
00:49:57.0674 0964 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
00:49:57.0674 0964 luafv - ok
00:49:57.0689 0964 [ 9D9714E78EAC9E5368208649489C920E ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
00:49:57.0689 0964 LUsbFilt - ok
00:49:57.0736 0964 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
00:49:57.0752 0964 mcdbus - ok
00:49:57.0767 0964 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:49:57.0783 0964 Mcx2Svc - ok
00:49:57.0798 0964 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
00:49:57.0798 0964 megasas - ok
00:49:57.0830 0964 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
00:49:57.0830 0964 MegaSR - ok
00:49:57.0861 0964 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
00:49:57.0861 0964 MMCSS - ok
00:49:57.0876 0964 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
00:49:57.0876 0964 Modem - ok
00:49:57.0892 0964 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:49:57.0892 0964 monitor - ok
00:49:57.0908 0964 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:49:57.0908 0964 mouclass - ok
00:49:57.0923 0964 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:49:57.0923 0964 mouhid - ok
00:49:57.0939 0964 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
00:49:57.0939 0964 MountMgr - ok
00:49:57.0986 0964 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:49:57.0986 0964 MozillaMaintenance - ok
00:49:58.0017 0964 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
00:49:58.0017 0964 mpio - ok
00:49:58.0048 0964 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:49:58.0048 0964 mpsdrv - ok
00:49:58.0095 0964 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
00:49:58.0110 0964 MpsSvc - ok
00:49:58.0126 0964 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
00:49:58.0126 0964 Mraid35x - ok
00:49:58.0173 0964 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:49:58.0173 0964 MRxDAV - ok
00:49:58.0204 0964 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:49:58.0220 0964 mrxsmb - ok
00:49:58.0251 0964 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:49:58.0251 0964 mrxsmb10 - ok
00:49:58.0282 0964 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:49:58.0282 0964 mrxsmb20 - ok
00:49:58.0313 0964 [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci C:\Windows\system32\drivers\msahci.sys
00:49:58.0313 0964 msahci - ok
00:49:58.0329 0964 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:49:58.0329 0964 msdsm - ok
00:49:58.0360 0964 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
00:49:58.0360 0964 MSDTC - ok
00:49:58.0376 0964 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:49:58.0376 0964 Msfs - ok
00:49:58.0391 0964 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:49:58.0391 0964 msisadrv - ok
00:49:58.0438 0964 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:49:58.0438 0964 MSiSCSI - ok
00:49:58.0438 0964 msiserver - ok
00:49:58.0469 0964 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:49:58.0469 0964 MSKSSRV - ok
00:49:58.0485 0964 [ 612C71F212C632046C2AC8D558496FEE ] msloop C:\Windows\system32\DRIVERS\loop.sys
00:49:58.0485 0964 msloop - ok
00:49:58.0500 0964 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:49:58.0500 0964 MSPCLOCK - ok
00:49:58.0516 0964 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:49:58.0516 0964 MSPQM - ok
00:49:58.0547 0964 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:49:58.0547 0964 MsRPC - ok
00:49:58.0563 0964 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
00:49:58.0563 0964 mssmbios - ok
00:49:58.0641 0964 MSSQL$SQLEXPRESS - ok
00:49:58.0672 0964 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
00:49:58.0672 0964 MSSQLServerADHelper100 - ok
00:49:58.0688 0964 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:49:58.0688 0964 MSTEE - ok
00:49:58.0828 0964 [ CB4A082AF58D1A0969F931816D5CFB05 ] msvsmon90 C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
00:49:58.0906 0964 msvsmon90 - ok
00:49:58.0953 0964 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
00:49:58.0953 0964 Mup - ok
00:49:58.0984 0964 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
00:49:58.0984 0964 napagent - ok
00:49:59.0031 0964 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:49:59.0031 0964 NativeWifiP - ok
00:49:59.0140 0964 [ 149A9AD81BB327E892FA1ACB77722442 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120823.032\ENG64.SYS
00:49:59.0140 0964 NAVENG - ok
00:49:59.0202 0964 [ 4AF8750E71B549FEC5F6D1D01398CA69 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120823.032\EX64.SYS
00:49:59.0249 0964 NAVEX15 - ok
00:49:59.0296 0964 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:49:59.0327 0964 NDIS - ok
00:49:59.0343 0964 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:49:59.0343 0964 NdisTapi - ok
00:49:59.0358 0964 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:49:59.0358 0964 Ndisuio - ok
00:49:59.0405 0964 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:49:59.0405 0964 NdisWan - ok
00:49:59.0421 0964 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:49:59.0421 0964 NDProxy - ok
00:49:59.0436 0964 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:49:59.0436 0964 NetBIOS - ok
00:49:59.0483 0964 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
00:49:59.0483 0964 netbt - ok
00:49:59.0499 0964 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
00:49:59.0499 0964 Netlogon - ok
00:49:59.0514 0964 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
00:49:59.0530 0964 Netman - ok
00:49:59.0592 0964 [ 74751DDA198165947FD7454D83F49825 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:49:59.0592 0964 NetMsmqActivator - ok
00:49:59.0608 0964 [ 74751DDA198165947FD7454D83F49825 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:49:59.0608 0964 NetPipeActivator - ok
00:49:59.0639 0964 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
00:49:59.0639 0964 netprofm - ok
00:49:59.0686 0964 [ 4D457321124EF6031875DA01E9C402B3 ] netr7364 C:\Windows\system32\DRIVERS\WUSB54GCx64.sys
00:49:59.0702 0964 netr7364 - ok
00:49:59.0717 0964 [ 74751DDA198165947FD7454D83F49825 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:49:59.0717 0964 NetTcpActivator - ok
00:49:59.0733 0964 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:49:59.0733 0964 NetTcpPortSharing - ok
00:49:59.0826 0964 [ C86984AEE87900C1EEB6942EDE3BF4B6 ] NETw3v64 C:\Windows\system32\DRIVERS\NETw3v64.sys
00:49:59.0889 0964 NETw3v64 - ok
00:49:59.0904 0964 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
00:49:59.0920 0964 nfrd960 - ok
00:49:59.0998 0964 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
00:49:59.0998 0964 NIS - ok
00:50:00.0045 0964 niSvcLoc - ok
00:50:00.0076 0964 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
00:50:00.0076 0964 NlaSvc - ok
00:50:00.0107 0964 Norton PC Checkup Application Launcher - ok
00:50:00.0138 0964 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:50:00.0138 0964 Npfs - ok
00:50:00.0138 0964 npggsvc - ok
00:50:00.0154 0964 NPPTNT2 - ok
00:50:00.0170 0964 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
00:50:00.0170 0964 nsi - ok
00:50:00.0185 0964 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:50:00.0185 0964 nsiproxy - ok
00:50:00.0248 0964 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:50:00.0279 0964 Ntfs - ok
00:50:00.0310 0964 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
00:50:00.0310 0964 Null - ok
00:50:00.0326 0964 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:50:00.0326 0964 nvraid - ok
00:50:00.0341 0964 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:50:00.0341 0964 nvstor - ok
00:50:00.0357 0964 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:50:00.0372 0964 nv_agp - ok
00:50:00.0372 0964 NwlnkFlt - ok
00:50:00.0372 0964 NwlnkFwd - ok
00:50:00.0450 0964 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:50:00.0466 0964 odserv - ok
00:50:00.0497 0964 [ 1B30103FDE512915A9214B108B6E7A9C ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
00:50:00.0497 0964 ohci1394 - ok
00:50:00.0528 0964 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:50:00.0544 0964 ose - ok
00:50:00.0591 0964 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
00:50:00.0622 0964 p2pimsvc - ok
00:50:00.0669 0964 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
00:50:00.0684 0964 p2psvc - ok
00:50:00.0716 0964 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
00:50:00.0716 0964 Parport - ok
00:50:00.0747 0964 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:50:00.0747 0964 partmgr - ok
00:50:00.0762 0964 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
00:50:00.0762 0964 PcaSvc - ok
00:50:00.0794 0964 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe
00:50:00.0794 0964 PCCUJobMgr - ok
00:50:00.0825 0964 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
00:50:00.0840 0964 pci - ok
00:50:00.0840 0964 [ 15E5C3F89A3452EFBDA3B39816DBC4EE ] pciide C:\Windows\system32\drivers\pciide.sys
00:50:00.0840 0964 pciide - ok
00:50:00.0872 0964 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
00:50:00.0872 0964 pcmcia - ok
00:50:00.0903 0964 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:50:00.0918 0964 PEAUTH - ok
00:50:00.0950 0964 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:50:01.0152 0964 PerfHost - ok
00:50:01.0199 0964 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
00:50:01.0230 0964 pla - ok
00:50:01.0277 0964 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:50:01.0277 0964 PlugPlay - ok
00:50:01.0308 0964 [ 5C42FA1FCEA58C6F7D6614504BF88F4F ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
00:50:01.0308 0964 Pml Driver HPZ12 - ok
00:50:01.0340 0964 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
00:50:01.0355 0964 PNRPAutoReg - ok
00:50:01.0371 0964 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
00:50:01.0386 0964 PNRPsvc - ok
00:50:01.0418 0964 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:50:01.0433 0964 PolicyAgent - ok
00:50:01.0464 0964 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:50:01.0464 0964 PptpMiniport - ok
00:50:01.0480 0964 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
00:50:01.0480 0964 Processor - ok
00:50:01.0511 0964 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
00:50:01.0511 0964 ProfSvc - ok
00:50:01.0527 0964 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
00:50:01.0527 0964 ProtectedStorage - ok
00:50:01.0558 0964 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
00:50:01.0558 0964 PSched - ok
00:50:01.0605 0964 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
00:50:01.0636 0964 ql2300 - ok
00:50:01.0652 0964 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
00:50:01.0652 0964 ql40xx - ok
00:50:01.0698 0964 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
00:50:01.0698 0964 QWAVE - ok
00:50:01.0730 0964 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:50:01.0730 0964 QWAVEdrv - ok
00:50:01.0745 0964 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:50:01.0745 0964 RasAcd - ok
00:50:01.0761 0964 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
00:50:01.0776 0964 RasAuto - ok
00:50:01.0792 0964 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:50:01.0792 0964 Rasl2tp - ok
00:50:01.0808 0964 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
00:50:01.0823 0964 RasMan - ok
00:50:01.0839 0964 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:50:01.0839 0964 RasPppoe - ok
00:50:01.0886 0964 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:50:01.0886 0964 RasSstp - ok
00:50:01.0917 0964 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:50:01.0932 0964 rdbss - ok
00:50:01.0948 0964 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:50:01.0948 0964 RDPCDD - ok
00:50:01.0979 0964 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
00:50:01.0979 0964 rdpdr - ok
00:50:01.0995 0964 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:50:01.0995 0964 RDPENCDD - ok
00:50:02.0042 0964 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:50:02.0057 0964 RDPWD - ok
00:50:02.0104 0964 [ 6266D28705BC3F99E8BAC1F864C14E91 ] Recovery Service for Windows C:\Program Files (x86)\SMINST\BLService.exe
00:50:02.0120 0964 Recovery Service for Windows - ok
00:50:02.0151 0964 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:50:02.0166 0964 RemoteAccess - ok
00:50:02.0213 0964 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:50:02.0229 0964 RemoteRegistry - ok
00:50:02.0276 0964 [ 72C35598BA591ABDDC37FCE7D26FE1C4 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
00:50:02.0276 0964 RFCOMM - ok
00:50:02.0385 0964 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
00:50:02.0400 0964 RichVideo - ok
00:50:02.0416 0964 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
00:50:02.0432 0964 RpcLocator - ok
00:50:02.0510 0964 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
00:50:02.0510 0964 RpcSs - ok
00:50:02.0588 0964 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
00:50:02.0603 0964 RsFx0103 - ok
00:50:02.0619 0964 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:50:02.0634 0964 rspndr - ok
00:50:02.0697 0964 [ 170A66DFAAA22358E08D6F4B38C8F3DF ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
00:50:02.0728 0964 RTL8169 - ok
00:50:02.0744 0964 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
00:50:02.0744 0964 SamSs - ok
00:50:02.0775 0964 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:50:02.0775 0964 sbp2port - ok
00:50:02.0822 0964 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:50:02.0837 0964 SCardSvr - ok
00:50:02.0915 0964 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
00:50:03.0009 0964 Schedule - ok
00:50:03.0040 0964 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
00:50:03.0056 0964 SCPolicySvc - ok
00:50:03.0087 0964 [ B42EE50F7D24F837F925332EB349ECA5 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
00:50:03.0118 0964 sdbus - ok
00:50:03.0149 0964 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:50:03.0149 0964 SDRSVC - ok
00:50:03.0180 0964 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:50:03.0196 0964 secdrv - ok
00:50:03.0227 0964 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
00:50:03.0243 0964 seclogon - ok
00:50:03.0274 0964 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
00:50:03.0290 0964 SENS - ok
00:50:03.0305 0964 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:50:03.0321 0964 Serenum - ok
00:50:03.0336 0964 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
00:50:03.0352 0964 Serial - ok
00:50:03.0383 0964 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
00:50:03.0399 0964 sermouse - ok
00:50:03.0446 0964 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
00:50:03.0446 0964 SessionEnv - ok
00:50:03.0461 0964 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:50:03.0477 0964 sffdisk - ok
00:50:03.0492 0964 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:50:03.0508 0964 sffp_mmc - ok
00:50:03.0524 0964 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:50:03.0524 0964 sffp_sd - ok
00:50:03.0539 0964 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
00:50:03.0555 0964 sfloppy - ok
00:50:03.0617 0964 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:50:03.0633 0964 SharedAccess - ok
00:50:03.0695 0964 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:50:03.0695 0964 ShellHWDetection - ok
00:50:03.0711 0964 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
00:50:03.0726 0964 SiSRaid2 - ok
00:50:03.0742 0964 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
00:50:03.0742 0964 SiSRaid4 - ok
00:50:03.0773 0964 [ DB0405D9AAD62F0762E0876AC142B7E1 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
00:50:03.0789 0964 SkypeUpdate - ok
00:50:03.0851 0964 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
00:50:03.0914 0964 slsvc - ok
00:50:03.0960 0964 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
00:50:03.0960 0964 SLUINotify - ok
00:50:03.0992 0964 [ B68385FD0CB677A1BB3EAB0BEB2999B7 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
00:50:03.0992 0964 SmartDefragDriver - ok
00:50:04.0023 0964 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:50:04.0023 0964 Smb - ok
00:50:04.0054 0964 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:50:04.0054 0964 SNMPTRAP - ok
00:50:04.0085 0964 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
00:50:04.0085 0964 spldr - ok
00:50:04.0101 0964 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
00:50:04.0116 0964 Spooler - ok
00:50:04.0179 0964 [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
00:50:04.0226 0964 SQLAgent$SQLEXPRESS - ok
00:50:04.0319 0964 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS
00:50:04.0335 0964 SRTSP - ok
00:50:04.0350 0964 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS
00:50:04.0366 0964 SRTSPX - ok
00:50:04.0397 0964 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
00:50:04.0413 0964 srv - ok
00:50:04.0444 0964 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:50:09.0467 0964 Scan finished
00:50:09.0467 0964 ============================================================
00:50:09.0467 0756 Detected object count: 0
00:50:09.0467 0756 Actual detected object count: 0
00:51:50.0103 0472 Deinitialize success

#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 38,193 posts
  • Gender:Male
  • Location:California

Posted 02 September 2012 - 08:15 AM

Greetings mikako17,

So I am now running my laptop on Safe Mode with networking enabled

Is this because Windows will not boot into Normal Mode, or because you have chosen to boot into Safe Mode?

If you are able to boot into Normal Mode please do the following. If not please let me know.


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================


Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

  • Please download ComboFix from one of these locations:

    BleepingComputer

    ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.

    Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.

    • Check your computer clock. If it is still running then so is ComboFix
    • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
    • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
    Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Rkill log
  • Combofix.txt
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 mikako17

mikako17
  • Topic Starter

  • Members
  • 58 posts

Posted 02 September 2012 - 11:42 AM

So I can run in normal mode, I just chose to do it in Safe Mode because I thought it'd be better that way. So here's RKill:


Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/02/2012 10:52:31 AM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Maivboon\Desktop\rkill\rkill-09-02-2012-10-53-02.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/02/2012 10:53:14 AM
Execution time: 0 hours(s), 0 minute(s), and 43 seconds(s)

And here's Combo:

ComboFix 12-09-01.01 - Maivboon 09/02/2012 11:10:06.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2270 [GMT -5:00]
Running from: c:\users\Maivboon\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-09-02 16:27 . 2012-09-02 16:27 -------- d-----w- c:\users\Maivboon\AppData\Local\temp
2012-09-02 16:27 . 2012-09-02 16:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-02 16:27 . 2012-09-02 16:27 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-02 05:56 . 2012-09-02 05:56 -------- d-----w- c:\program files (x86)\NirSoft
2012-09-01 19:35 . 2012-09-01 19:35 -------- d-----w- C:\FRST
2012-08-20 14:33 . 2012-08-20 14:37 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner
2012-08-20 14:21 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5FC0608F-5D0B-4173-B884-3F123EBEF8CC}\mpengine.dll
2012-08-20 06:44 . 2012-08-20 06:44 -------- d-----w- c:\program files\Microsoft ATS
2012-08-20 06:44 . 2012-06-02 00:03 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-08-20 06:43 . 2012-06-02 00:05 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-08-20 06:43 . 2012-06-02 00:04 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-08-20 06:43 . 2012-06-02 00:22 347136 ----a-w- c:\windows\system32\schannel.dll
2012-08-20 06:43 . 2012-06-04 15:29 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-20 06:43 . 2012-06-02 00:22 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-08-20 06:19 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-08-20 06:19 . 2012-06-05 16:22 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-08-20 05:25 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-08-20 05:24 . 2012-08-20 05:24 -------- d-----w- c:\users\Maivboon\AppData\Roaming\HPAppData
2012-08-20 05:07 . 2012-08-20 05:07 -------- d-----w- C:\a18c476f78e97c8caf17
2012-08-20 05:04 . 2012-08-20 05:04 -------- d-----w- C:\03fe9c998ec1445c21a9116c
2012-08-20 04:24 . 2012-08-20 04:25 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-08-20 04:24 . 2012-08-20 04:24 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-08-20 04:24 . 2012-08-20 04:24 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-08-20 04:24 . 2012-08-20 04:24 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-08-20 04:24 . 2012-08-20 04:24 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-08-20 04:24 . 2012-08-20 04:24 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-08-20 04:24 . 2012-08-20 04:24 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-08-20 04:24 . 2012-08-20 04:24 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-08-20 04:24 . 2012-08-20 04:24 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-08-20 04:24 . 2012-08-20 04:24 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-08-20 04:15 . 2012-04-11 20:17 2594632 ----a-r- c:\program files (x86)\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL
2012-08-20 03:45 . 2012-05-11 16:34 788480 ----a-w- c:\windows\system32\localspl.dll
2012-08-20 03:45 . 2012-05-11 15:57 623616 ----a-w- c:\windows\SysWow64\localspl.dll
2012-08-20 03:25 . 2012-08-20 03:29 -------- d-----w- c:\windows\system32\drivers\NISx64\1308000.00E
2012-08-20 03:16 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
2012-08-20 03:14 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-08-20 03:14 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-08-20 03:14 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-08-20 03:14 . 2012-06-05 16:22 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-08-20 03:14 . 2012-06-05 16:22 1869824 ----a-w- c:\windows\system32\msxml3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-20 03:28 . 2012-04-13 22:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-20 03:28 . 2011-05-13 22:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 09:27 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe
2012-06-07 01:59 . 2012-06-07 01:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Maivboon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Maivboon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Maivboon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Maivboon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-20 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-4 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 250056]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 03:28]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 02:07]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 02:07]
.
2012-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-577457521-1064095309-926075012-1000Core.job
- c:\users\Maivboon\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-10 18:01]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-577457521-1064095309-926075012-1000UA.job
- c:\users\Maivboon\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-10 18:01]
.
2012-08-20 c:\windows\Tasks\HPCeeScheduleForMaivboon.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 10:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Maivboon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Maivboon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Maivboon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Maivboon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-12-19 247808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 200216]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-04 442368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} - hxxps://mygroups2.stanford.edu/SSEBanking/DynamicWebTWAIN.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Maivboon\AppData\Roaming\Mozilla\Firefox\Profiles\7qc3dfe3.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.stanford.edu/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=60637&p=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.4.131\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e9,f0,cf,a4,93,7e,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,9a,aa,fc,a1,f4,18,43,a2,06,e1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,9a,aa,fc,a1,f4,18,43,a2,06,e1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-09-02 11:32:50
ComboFix-quarantined-files.txt 2012-09-02 16:32
.
Pre-Run: 140,010,618,880 bytes free
Post-Run: 142,389,927,936 bytes free
.
- - End Of File - - C4A504CD23B6AB989DEB619073631CD1

#13 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 38,193 posts
  • Gender:Male
  • Location:California

Posted 02 September 2012 - 01:25 PM

Greetings mikako17,

Did you set this proxy, or was it possibly set by your school?

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>


Let's see if you can run DDS successfully.

Are you experiencing any issues?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 mikako17
  • Topic Starter
  • Members
  • 58 posts

Posted 02 September 2012 - 03:13 PM

I haven't set up a proxy, and I don't think the school has either, since I'm not at school yet. I was able to run DDS and here's the log. As mentioned in the Prep Guide, the Attach.txt file is attached.

Edit: And my laptop is running okay, but I haven't really tried anything since I got it back from Geek Squad.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Maivboon at 15:00:22 on 2012-09-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2623 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\Windows\SysWOW64\nisvcloc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
BHO: {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - No File
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} - hxxps://mygroups2.stanford.edu/SSEBanking/DynamicWebTWAIN.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9841B59B-1B1B-46A1-8399-1C923BB8FE00} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F8A30777-FFEE-47B2-95A5-FE01E3378AE0} : DhcpNameServer = 168.94.0.14 168.94.0.15
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - No File
BHO-X64: EmailBHO - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Hosts: 10.254.254.253 AFS
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Maivboon\AppData\Roaming\Mozilla\Firefox\Profiles\7qc3dfe3.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.stanford.edu/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=60637&p=
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120823.007\BHDrvx64.sys [2012-9-2 1161376]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120831.001\IDSviA64.sys [2012-9-2 512672]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMTDIV.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-5-1 913792]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2010-1-20 20376]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe [2012-8-19 138272]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe [2012-1-12 177080]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe [2012-1-12 126392]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-6-1 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-2-4 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-2-24 116104]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-20 138912]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 250568]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-6-1 227896]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-15 1030600]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-19 129976]
S3 netr7364;Linksys Compact Wireless-G USB Adapter Driver for Vista;C:\Windows\system32\DRIVERS\WUSB54GCx64.sys --> C:\Windows\system32\DRIVERS\WUSB54GCx64.sys [?]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 NiRioRpc;National Instruments RIO Server; [x]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-4 89920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-09-02 19:56:59 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-02 16:32:53 -------- d-----w- C:\Users\Maivboon\AppData\Local\temp
2012-09-02 16:05:35 98816 ----a-w- C:\Windows\sed.exe
2012-09-02 16:05:35 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-02 16:05:35 256000 ----a-w- C:\Windows\PEV.exe
2012-09-02 16:05:35 208896 ----a-w- C:\Windows\MBR.exe
2012-09-02 05:56:12 -------- d-----w- C:\Program Files (x86)\NirSoft
2012-09-01 19:35:59 -------- d-----w- C:\FRST
2012-08-20 14:33:06 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner
2012-08-20 14:21:47 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5FC0608F-5D0B-4173-B884-3F123EBEF8CC}\mpengine.dll
2012-08-20 06:44:42 -------- d-----w- C:\Program Files\Microsoft ATS
2012-08-20 06:44:00 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-08-20 06:43:56 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-08-20 06:43:53 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-08-20 06:43:52 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-08-20 06:43:51 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-08-20 06:43:51 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-08-20 06:19:50 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-08-20 06:19:50 708608 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-08-20 05:25:18 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-08-20 05:07:52 -------- d-----w- C:\a18c476f78e97c8caf17
2012-08-20 05:04:42 -------- d-----w- C:\03fe9c998ec1445c21a9116c
2012-08-20 04:24:59 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-08-20 04:24:41 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-08-20 04:24:40 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-08-20 04:24:39 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-08-20 04:24:39 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-08-20 04:24:39 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-08-20 04:24:39 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-08-20 04:24:39 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-08-20 04:24:39 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-08-20 04:24:38 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-08-20 04:15:33 2594632 ----a-r- C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL
2012-08-20 03:45:05 788480 ----a-w- C:\Windows\System32\localspl.dll
2012-08-20 03:45:04 623616 ----a-w- C:\Windows\SysWow64\localspl.dll
2012-08-20 03:25:59 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtsp64.sys
2012-08-20 03:25:59 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1308000.00E\symds64.sys
2012-08-20 03:25:59 445560 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symtdiv.sys
2012-08-20 03:25:59 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symnets.sys
2012-08-20 03:25:59 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtspx64.sys
2012-08-20 03:25:59 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ironx64.sys
2012-08-20 03:25:59 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ccsetx64.sys
2012-08-20 03:25:59 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symefa64.sys
2012-08-20 03:25:36 -------- d-----w- C:\Windows\System32\drivers\NISx64\1308000.00E
2012-08-20 03:14:00 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-08-20 03:14:00 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-08-20 03:14:00 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-08-20 03:14:00 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
==================== Find3M ====================
.
2012-09-02 16:39:14 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-02 16:39:14 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-28 03:28:35 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-28 03:21:17 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-28 03:20:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-28 03:16:25 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-28 03:12:35 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-28 00:27:12 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-28 00:19:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-28 00:18:16 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-28 00:12:08 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-28 00:07:44 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-07 01:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
.
============= FINISH: 15:05:07.97 ===============

Edited by mikako17, 02 September 2012 - 03:14 PM.


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,193 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:02:14 PM

Posted 02 September 2012 - 04:05 PM

Greetings mikako17,

Glad DDS runs now. There are a few things to address.


===================================================


Use of Registry Cleaner Not Recommended

--------------------

I notice you have Eusing Free Registry Cleaner installed on your computer.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    • The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
  • Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

If you persist in using a registry cleaner you should always back up the registry before doing so.


===================================================


P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.


===================================================


Running Combofix Script

-------------------

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text below into the Notepad document.

    DDS::
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Norton Identity Protection - No File
    BHO-X64: EmailBHO - No File
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    

  • Save this on your desktop as CFScript.txt.


    [Image: CFScript.txt being dragged onto ComboFix.exe]

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Combofix.txt
  • I would like you to enable Norton, run your computer normally for a bit and let me know how it does

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
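The CFScript in the reply above is assembled by copying, under a `DDS::` header, the DDS log lines for browser add-ons whose backing file is gone ("No File"). As an added example that is not part of this thread or of ComboFix, the following Python filter performs that selection over a constructed DDS excerpt; the `ADDON_PREFIXES` list and the choice to surface `uInternet Settings,Proxy*` lines for manual review rather than judge them automatically are assumptions.

```python
import re

# Constructed DDS log excerpt (not a real log). The "No File" entries mirror the ones
# in the CFScript above; the "Example Helper" entry is a made-up healthy registration
# that must NOT end up in the script.
SAMPLE_DDS_LOG = """\
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Example Helper: {00000000-0000-0000-0000-000000000001} - C:\\Example\\helper.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
BHO-X64: HP Print Enhancer - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
"""

# Assumed set of DDS line prefixes for add-on registrations that the DDS:: section takes verbatim.
ADDON_PREFIXES = ("uURLSearchHooks:", "BHO:", "BHO-X64:", "TB:", "TB-X64:", "DPF:")

# "<key>: <name or CLSID> - No File" or "<key>: <CLSID> -" (nothing after the dash).
ORPHAN_RE = re.compile(r"^(?P<key>[A-Za-z0-9-]+:)\s+(?P<value>.*?)\s+-\s*(No File)?$")


def orphaned_entries(log_text):
    """Return the DDS lines for add-on registrations whose file no longer exists."""
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ORPHAN_RE.match(line)
        if m and m.group("key") in ADDON_PREFIXES:
            found.append(line)
    return found


def proxy_lines(log_text):
    """Return Internet Settings proxy lines; these are surfaced for a human to review."""
    return [l.strip() for l in log_text.splitlines()
            if l.strip().startswith("uInternet Settings,Proxy")]


def build_cfscript(log_text):
    """Assemble the DDS:: section of a CFScript from the flagged lines."""
    lines = proxy_lines(log_text) + orphaned_entries(log_text)
    return "DDS::\n" + "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_DDS_LOG), end="")
```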



