Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible mbr virus - please help


  • This topic is locked This topic is locked
27 replies to this topic

#1 jeeper31

jeeper31

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 05 November 2012 - 10:06 AM

You guys have been awesome in the past and I was hoping not to need your help again but unfortunately I do.

My desktop is gone except for the recycle bin and the Office 2010 shortcut. My programs in the start menu are gone. I am getting a File Restore windw one which says Hard drive boot sector reading error - Critical. System blocks were not found - Critical. The DRm attribute is too small before disk scan. Error 0x00000024 - NTFS_Fike_System - Dangerous. And a few others. I am assuming this is a virus.

In addition I have about 50 System Message -Write Fault Error windows open stating "a write command during the test has failed to complete. this may be due to media or read/write error. The system genres an exception error when using reference to an invalid system memory address.

There also seems to be a network event trying to open called "Uniblue speeduomypc monitor" it is recommended to allow and says it is trying to act as a server.

This is the new computer that brought cause of the last virus and don't want to get another.

I look forward to your reply.

Thanks.

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 PM

Posted 05 November 2012 - 09:31 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3


    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 jeeper31

jeeper31
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 05 November 2012 - 10:12 PM

HI and thanks for getting back to me. I did run Malwarebyes and TDSSkiller and then ubhide program. It seemed to bring a lot of my things back and the windows stopped popping up. The media finder program is still on there. I will run the defogger now.

Thanks again.

Dan

#4 jeeper31

jeeper31
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 05 November 2012 - 10:17 PM

Here is the result of the Security Check.

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Internet Security
AntiVir Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#5 jeeper31

jeeper31
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 05 November 2012 - 10:19 PM

And here's the dds.scr

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-05.02)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/5/2012 11:37:13 PM
System Uptime: 11/5/2012 7:39:35 PM (3 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2AB5
Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz | CPU 1 | 1581/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 219.279 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.483 GiB free.
E: is CDROM ()
F: is Removable
H: is Removable
L: is FIXED (NTFS) - 1863 GiB total, 693.445 GiB free.
P: is Removable
Q: is Removable
R: is Removable
S: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP81: 10/10/2012 3:00:25 AM - Windows Update
RP82: 10/14/2012 7:43:02 PM - Windows Backup
RP83: 10/21/2012 7:56:57 PM - Windows Backup
RP84: 10/26/2012 10:20:03 PM - HPSF Restore Point
RP85: 10/28/2012 7:00:28 PM - Windows Backup
RP86: 11/5/2012 6:55:17 AM - Windows Backup
RP87: 11/5/2012 1:25:11 PM - Restore Operation
.
==== Installed Programs ======================
.
µTorrent
35mm Film Scanner X64
802.11n Wireless LAN Card
Adobe AIR
Adobe Anchor Service CS4
Adobe Community Help
Adobe CSI CS4
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS4
Adobe Photoshop CS6
Adobe Photoshop Elements 10
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 10
Adobe Reader X (10.1.3)
Adobe Setup
Agatha Christie - Peril at End House
AMD APP SDK Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
AudioBox USB driver
AuthenTec TrueAPI
Avira Premium Security Suite
AXWare For Windows (Timing and Scoring)
AXWare TS (Timing and Scoring)
BabylonObjectInstaller
Bejeweled 3
Bing Bar
Blackhawk Striker 2
Blasterball 3
Blio
Bonjour
Bounce Symphony
Cake Mania
Canon Utilities Easy-PhotoPrint
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDDRV_Installer
Chronicles of Albian
Chuzzle Deluxe
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Claro LTD toolbar on IE
Coupon Printer for Windows
Cradle of Rome 2
CyberLink PowerDVD 10
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DetectorTools
Elements 10 Organizer
erLT
EZdrummer Lite Installer
Farm Frenzy
FATE
Finale 2011
Fitbit Base Station (Driver Removal)
Fitbit v2.1.0.8
Garmin Communicator Plugin x64
Garmin Lifetime Updater
GEAR driver installer for x64 WinXP
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.1.2.0
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Games
HP Keyboard
HP LinkUp
HP MovieStore
HP Odometer
HP Photo Creations
HP Photosmart 7510 series Basic Device Software
HP Photosmart 7510 series Help
HP Remote Solution
HP Setup
HP Setup Manager
HP SimplePass PE 2011
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
HydraVision
iCloud
IDT Audio
Intel® Identity Protection Technology 1.1.2.0
Intel® Management Engine Components
Internet TV for Windows Media Center
iTunes
Java Auto Updater
Java™ 6 Update 31
Jewel Quest: The Sleepless Star - Collector's Edition
Junk Mail filter update
KhalInstallWrapper
Kobo
LabelPrint
LilyPond
Logitech SetPoint
MagicTunePremium
Mah Jong Medley
Malwarebytes Anti-Malware version 1.65.1.1000
Media Finder 1.0.9.31
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Mathematics
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MultiScreen
MuseScore 1.2 MuseScore score typesetter
Mystery of Mortlake Mansion
Namco All-Stars: PAC-MAN
Netflix in Windows Media Center
Norton Internet Security
Norton Online Backup
Online Plug-in
PDF Complete Special Edition
PDF Settings CS6
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Polar Precision Performance SW 4
Polar UpLink Tool
Power2Go
PRE10STI64Installer
PreSonus Studio One 2 x64
PreSonus Studio One x64
PressReader
PSE10 STI Installer
QuickTime
Recovery Manager
Remote Graphics Receiver
Renesas Electronics USB 3.0 Host Controller Driver
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Self-service Plug-in
Sibelius Scorch (ActiveX Only)
Slingo Supreme
SmartSound Common Data
SmartSound Premiere Elements 10 x64 Plugin
SmartSound Sonicfire Pro 5
Suite Shared Configuration CS4
Uniblue SpeedUpMyPC
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
uTorrentControl2 Toolbar
Vacation Quest - The Hawaiian Islands
VIP Access SDK (1.0.1.4)
Virtual Villagers 5 - New Believers
WeatherBug
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Media Center Add-in for Silverlight
WinRAR 4.11 (64-bit)
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
11/5/2012 9:32:33 AM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/5/2012 9:32:33 AM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/5/2012 9:32:33 AM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024846.
11/5/2012 9:32:33 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
11/5/2012 9:32:33 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
11/5/2012 9:32:33 AM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070032.
11/5/2012 9:18:31 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
11/5/2012 9:18:31 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/5/2012 9:17:35 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Biometric Service service to connect.
11/5/2012 9:17:35 AM, Error: Service Control Manager [7000] - The Windows Biometric Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/5/2012 6:54:48 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
11/5/2012 10:33:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
11/5/2012 10:33:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/5/2012 10:31:41 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/5/2012 10:31:40 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/5/2012 10:31:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/5/2012 10:31:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/5/2012 10:31:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/5/2012 10:31:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/5/2012 10:31:28 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb BHDrvx64 ccSet_NIS ctxusbm discache IDSVia64 MagicTune spldr SRTSPX SymIRON SymNetS Wanarpv6
11/5/2012 1:51:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MagicTune
11/5/2012 1:50:35 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\MTiCtwl.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/3/2012 8:35:34 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Dan-HP\Dan SID (S-1-5-21-292792581-748624849-1270849434-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/3/2012 7:59:28 PM, Error: Service Control Manager [7001] - The Avira AntiVir WebGuard service depends on the Avira AntiVir Guard service which failed to start because of the following error: The operation completed successfully.
11/3/2012 7:59:28 PM, Error: Service Control Manager [7001] - The Avira AntiVir MailGuard service depends on the Avira AntiVir Guard service which failed to start because of the following error: The operation completed successfully.
11/2/2012 6:49:55 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Dan-HP\Dan SID (S-1-5-21-292792581-748624849-1270849434-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/2/2012 6:49:55 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Dan-HP\Dan SID (S-1-5-21-292792581-748624849-1270849434-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

#6 jeeper31

jeeper31
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 05 November 2012 - 10:21 PM

Log 2:


DDS (Ver_2012-11-05.02) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by Dan at 22:14:11 on 2012-11-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6123.4183 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Avira FireWall *Enabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit\fitbit.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe
C:\Program Files\IDT\WDM\beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\hp\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\MultiScreen\MultiScreen.exe
C:\Program Files (x86)\Media Finder\Media Finder.exe
C:\Program Files (x86)\Fitbit\fitbit-tray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\hp\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\mcGlidHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_402_287_ActiveX.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
mWinlogon: Userinit = userinit.exe,
BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CtxIEInterceptorBHO Class: {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
TB: Claro LTD Toolbar: {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [HP Photosmart 7510 series (NET)] "C:\Program Files\hp\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1CJ354PF05PX:NW" -scfn "HP Photosmart 7510 series (NET)" -AutoStart 1
uRun: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe
uRun: [Google Update] "C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [SpeedUpMyPC] "C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000
uRun: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray
uRun: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Dan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMMAT~1.LNK - C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{31BEB1B7-0AC8-47D8-9672-4ABF920FAA89} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D3E79299-6216-47FE-A12F-C586B14488A0} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Plugin for Media Finder: {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Dan\AppData\Roaming\Media Finder\Extensions\IEPlugin64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-8-16 55856]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys [2012-10-1 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys [2012-10-1 1129120]
R1 avfwot;avfwot;C:\Windows\System32\drivers\avfwot.sys [2012-3-7 131336]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20110519.002\BHDrvx64.sys [2011-10-13 1143416]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys [2012-10-1 167072]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-2-14 93272]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20110519.031\IDSviA64.sys [2011-10-13 488056]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys [2012-10-1 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys [2012-10-1 405624]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-12 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-12 203776]
R2 AntiVirFirewallService;Avira FireWall;C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-3-7 567464]
R2 AntiVirMailService;Avira AntiVir MailGuard;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-3-7 340136]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-3-7 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-3-7 269480]
R2 AntiVirWebService;Avira AntiVir WebGuard;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-3-7 428200]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-3-7 88288]
R2 Fitbit;Fitbit Data Uploader;C:\Program Files (x86)\Fitbit\fitbit.exe [2012-9-1 770080]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-6-9 264008]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-5 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-5 676936]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-10-13 1128952]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-12 2656280]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-12 114704]
R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\System32\drivers\avfwim.sys [2012-3-7 101984]
R3 HCW723x;Hauppauge WinTV 723x PCIe Card;C:\Windows\System32\drivers\HCW723x.sys [2011-10-12 1843712]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-5 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-10-12 1360960]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-19 181248]
R3 PRESONUS_AUDIOBOX_MIDI;Presonus AudioBox WDM MIDI Device;C:\Windows\System32\drivers\psabusbm.sys [2012-3-12 37496]
R3 PRESONUS_AUDIOBOX_USB;Presonus AudioBox USB driver;C:\Windows\System32\drivers\psabusbu.sys [2012-3-12 462968]
R3 PRESONUS_AUDIOBOX_WDM;Presonus AudioBox USB WDM;C:\Windows\System32\drivers\psabusba.sys [2012-3-12 50808]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-12 471144]
R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2011-10-12 131656]
R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2011-10-12 399944]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/10/12 22:03:34;C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [2011-2-24 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 OV550I;35mm Film Scanner;C:\Windows\System32\drivers\FilmScan.sys [2008-2-21 196992]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2011-10-13 31152]
S3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2012-9-1 26856]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-7 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-05 15:37:18 -------- d-----w- C:\Users\Dan\AppData\Roaming\Malwarebytes
2012-11-05 15:37:05 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-05 15:37:04 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-05 15:37:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-09 10:34:37 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-10-09 10:34:04 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-09 10:34:04 -------- d-----w- C:\Program Files\iTunes
2012-10-09 10:34:04 -------- d-----w- C:\Program Files\iPod
2012-10-09 10:34:04 -------- d-----w- C:\Program Files (x86)\iTunes
2012-10-09 10:32:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-09 10:32:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-09 10:32:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-09 10:32:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-09 10:32:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-09 10:32:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-09 10:32:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-11-05 18:51:30 151552 ----a-w- C:\Windows\KMSEmulator.exe
2012-10-08 23:18:02 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 23:18:02 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 22:14:25.64 ===============

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 PM

Posted 05 November 2012 - 10:22 PM

Hello


These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 jeeper31

jeeper31
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 05 November 2012 - 11:36 PM

adwaRE LOG:

# AdwCleaner v2.006 - Logfile created 11/05/2012 at 23:25:07
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dan - DAN-HP
# Boot Mode : Normal
# Running from : C:\Users\Dan\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Public\Desktop\Media Finder.lnk
Folder Deleted : C:\Program Files (x86)\Claro LTD
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Media Finder
Folder Deleted : C:\Program Files (x86)\uTorrentControl2
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Dan\AppData\Local\Conduit
Folder Deleted : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Deleted : C:\Users\Dan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dan\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Dan\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Dan\AppData\Roaming\BabylonToolbar
Folder Deleted : C:\Users\Dan\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Dan\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com
Folder Deleted : C:\Users\Dan\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Claro LTD
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\incredibar.com
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\Claro LTD
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook
Key Deleted : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\Software\uTorrentControl2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B34E1228-FED9-43CB-96F7-79228657E4DD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C94DCB46-4897-4A8E-9FF1-23027CE59CD4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\claro
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.983] : homepage = "hxxp://isearch.claro-search.com/?affID=115131&tt=3312_8&babsrc=HP_iclro&mntrId=14104c12000000000000ac8112c5c6c2",
Deleted [l.1431] : urls_to_restore_on_startup ="session": {"restore_on_startup": 4, [ "hxxp://isearch.claro-search.com/?affID=115131&tt=3312_8&babsrc=HP_iclro&mntrId=14104c12000000000000ac8112c5c6c2" ]},

*************************

AdwCleaner[S1].txt - [347 octets] - [05/11/2012 23:04:51]
AdwCleaner[S2].txt - [9603 octets] - [05/11/2012 23:25:07]

########## EOF - C:\AdwCleaner[S2].txt - [9663 octets] ##########

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 PM

Posted 05 November 2012 - 11:40 PM

did you run the rougekiller program?


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 jeeper31

jeeper31
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 05 November 2012 - 11:43 PM

Here's the roguekiller
RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dan [Admin rights]
Mode : Remove -- Date : 11/05/2012 23:36:33

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[STARTUP][BLACKLIST DLL] Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk @Dan : C:\Windows\system32\RunDll32.exe|"C:\Program Files\HP\HP Photosmart 7510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1CJ354PF05PX;CONNECTION=NW;MONITOR=1; -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA632 +++++
--- User ---
[MBR] d7524287a82c37e05df8bb4047c59f39
[BSP] e70faed360b135171ca5262733506a01 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941359 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1928110080 | Size: 12408 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 4e4d54b0ce05d37af8651941a410c554
[BSP] b8a742ef472d230ce0b22c388b8a1d8e : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 226125824 | Size: 300 Mo

Finished : << RKreport[2]_D_11052012_02d2336.txt >>
RKreport[1]_S_11052012_02d2336.txt ; RKreport[2]_D_11052012_02d2336.txt

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 PM

Posted 05 November 2012 - 11:46 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 jeeper31

jeeper31
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 06 November 2012 - 12:01 AM

Here's the combofix log:

ComboFix 12-11-05.03 - Dan 11/05/2012 23:50:10.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6123.4074 [GMT -5:00]
Running from: c:\users\Dan\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Avira FireWall *Disabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\CouponAlert_2pEI
c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll
c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll
c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll
c:\programdata\Z4Q5uJxES0GnOe
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{478E8C36-5D47-481C-944A-BB66ECC555D4}.xps
.
.
((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-06 04:54 . 2012-11-06 04:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-05 15:37 . 2012-11-05 15:37 -------- d-----w- c:\users\Dan\AppData\Roaming\Malwarebytes
2012-11-05 15:37 . 2012-11-05 15:37 -------- d-----w- c:\programdata\Malwarebytes
2012-11-05 15:37 . 2012-11-05 18:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-05 15:37 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-09 10:34 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-09 10:34 . 2012-10-09 10:34 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-09 10:34 . 2012-10-09 10:34 -------- d-----w- c:\program files\iTunes
2012-10-09 10:34 . 2012-10-09 10:34 -------- d-----w- c:\program files (x86)\iTunes
2012-10-09 10:34 . 2012-10-09 10:34 -------- d-----w- c:\program files\iPod
2012-10-09 10:32 . 2012-10-09 10:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-09 10:32 . 2012-10-09 10:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-09 10:32 . 2012-10-09 10:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-09 10:32 . 2012-10-09 10:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-09 10:32 . 2012-10-09 10:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-09 10:32 . 2012-10-09 10:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-09 10:32 . 2012-10-09 10:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-10-09 10:32 . 2012-10-09 10:32 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 04:27 . 2012-04-02 01:42 151552 ----a-w- c:\windows\KMSEmulator.exe
2012-10-31 11:35 . 2012-03-18 02:57 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-10-31 11:35 . 2012-03-18 02:57 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-10-31 11:35 . 2012-03-18 02:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-10-08 23:18 . 2012-05-08 10:09 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 23:18 . 2011-10-13 05:01 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-25 12:26 . 2012-09-25 12:26 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-09-25 12:26 . 2012-08-31 11:15 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-09-25 12:25 . 2012-08-31 11:15 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-09-25 12:25 . 2012-09-25 12:25 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-08-24 11:15 . 2012-09-23 07:00 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-23 07:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-23 07:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-23 07:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-23 07:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-23 07:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-23 07:00 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-23 07:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-23 07:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-23 07:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-23 07:00 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-23 07:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-23 07:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-23 07:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-23 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-23 07:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-23 07:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-23 07:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-23 07:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 07:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 07:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-23 07:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 05:04 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 05:04 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 05:04 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 05:04 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 00:04 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 17:01 . 2012-04-09 19:12 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-04-09 19:12 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 02:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"HP Photosmart 7510 series (NET)"="c:\program files\hp\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" [2011-08-31 2676584]
"MultiScreen"="c:\program files (x86)\MultiScreen\MultiScreen.exe" [2009-08-11 303104]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]
"SpeedUpMyPC"="c:\program files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" [2012-07-08 68504]
"Fitbit Service Monitor"="c:\program files (x86)\Fitbit\fitbit-tray.exe" [2012-04-11 2177056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-01 336384]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe" [2009-04-04 385024]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-05 658424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2011-09-28 1039872]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"MagicTuneEngine"="c:\program files (x86)\MagicTune Premium\MagicTuneEngine.exe" [2009-05-08 58368]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-04-05 371864]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GammaTray.lnk - c:\program files (x86)\MagicTune Premium\GammaTray.exe [2012-3-9 36864]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-3-6 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/10/12 22:03;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 OV550I;35mm Film Scanner;c:\windows\system32\Drivers\FilmScan.sys [2008-02-22 196992]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-10-13 31152]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2012-04-02 26856]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-07 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2011-05-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2011-07-21 131336]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20110519.002\BHDrvx64.sys [2011-05-13 1143416]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 167072]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-02-14 93272]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20110519.031\IDSVia64.sys [2011-05-13 488056]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 405624]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-01 203776]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-07-21 567464]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-07-21 340136]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-07-21 428200]
S2 Fitbit;Fitbit Data Uploader;c:\program files (x86)\Fitbit\fitbit.exe [2012-04-11 770080]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-06-09 264008]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-05 1128952]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-31 114704]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2011-07-21 101984]
S3 HCW723x;Hauppauge WinTV 723x PCIe Card;c:\windows\system32\DRIVERS\HCW723x.sys [2011-06-02 1843712]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-04-22 1360960]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 PRESONUS_AUDIOBOX_MIDI;Presonus AudioBox WDM MIDI Device;c:\windows\system32\drivers\psabusbm.sys [2009-12-04 37496]
S3 PRESONUS_AUDIOBOX_USB;Presonus AudioBox USB driver;c:\windows\system32\Drivers\psabusbu.sys [2009-12-04 462968]
S3 PRESONUS_AUDIOBOX_WDM;Presonus AudioBox USB WDM;c:\windows\system32\drivers\psabusba.sys [2009-12-04 50808]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [2011-04-20 131656]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2011-04-20 399944]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 23:18]
.
2012-11-06 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-10-09 10:23]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-08 22:28]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-08 22:28]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-292792581-748624849-1270849434-1001Core.job
- c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-06 22:08]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-292792581-748624849-1270849434-1001UA.job
- c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-06 22:08]
.
2012-11-06 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-11-03 c:\windows\Tasks\HPCeeScheduleForDan.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-11-06 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-08-19 11:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-10-21 37888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-10 1128448]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-09-03 444856]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-BATINDICATOR - c:\program files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-FITBIT&10C4&84C4 - c:\program files (x86)\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4
AddRemove-{6DA399FC-350F-41AC-8CA6-B9F8496753BE}_is1 - c:\program files (x86)\Media Finder\unins000.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-05 23:55:59
ComboFix-quarantined-files.txt 2012-11-06 04:55
.
Pre-Run: 281,888,346,112 bytes free
Post-Run: 284,550,557,696 bytes free
.
- - End Of File - - 922B2D6244CCA898DE0FED934E4EC2A8

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 PM

Posted 06 November 2012 - 12:15 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 jeeper31

jeeper31
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 06 November 2012 - 07:00 AM

06:53:53.0832 7408 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
06:53:55.0844 7408 ============================================================
06:53:55.0844 7408 Current date / time: 2012/11/06 06:53:55.0844
06:53:55.0844 7408 SystemInfo:
06:53:55.0844 7408
06:53:55.0844 7408 OS Version: 6.1.7601 ServicePack: 1.0
06:53:55.0844 7408 Product type: Workstation
06:53:55.0844 7408 ComputerName: DAN-HP
06:53:55.0844 7408 UserName: Dan
06:53:55.0844 7408 Windows directory: C:\Windows
06:53:55.0844 7408 System windows directory: C:\Windows
06:53:55.0844 7408 Running under WOW64
06:53:55.0844 7408 Processor architecture: Intel x64
06:53:55.0844 7408 Number of processors: 4
06:53:55.0844 7408 Page size: 0x1000
06:53:55.0844 7408 Boot type: Normal boot
06:53:55.0844 7408 ============================================================
06:53:56.0468 7408 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:53:56.0515 7408 ============================================================
06:53:56.0515 7408 \Device\Harddisk0\DR0:
06:53:56.0515 7408 MBR partitions:
06:53:56.0515 7408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
06:53:56.0515 7408 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72E97800
06:53:56.0515 7408 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72ECA000, BlocksNum 0x183C000
06:53:56.0515 7408 ============================================================
06:53:56.0546 7408 C: <-> \Device\Harddisk0\DR0\Partition2
06:53:56.0593 7408 D: <-> \Device\Harddisk0\DR0\Partition3
06:53:56.0593 7408 ============================================================
06:53:56.0593 7408 Initialize success
06:53:56.0593 7408 ============================================================
06:53:59.0198 3160 ============================================================
06:53:59.0198 3160 Scan started
06:53:59.0198 3160 Mode: Manual;
06:53:59.0198 3160 ============================================================
06:54:00.0633 3160 ================ Scan system memory ========================
06:54:00.0633 3160 System memory - ok
06:54:00.0633 3160 ================ Scan services =============================
06:54:00.0852 3160 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
06:54:00.0852 3160 1394ohci - ok
06:54:00.0961 3160 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
06:54:00.0961 3160 ACPI - ok
06:54:00.0992 3160 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
06:54:00.0992 3160 AcpiPmi - ok
06:54:01.0210 3160 [ C245E08EC469A52A622EFDC9787A0DCC ] AdobeActiveFileMonitor10.0 C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
06:54:01.0210 3160 AdobeActiveFileMonitor10.0 - ok
06:54:01.0320 3160 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
06:54:01.0335 3160 AdobeARMservice - ok
06:54:01.0460 3160 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
06:54:01.0476 3160 AdobeFlashPlayerUpdateSvc - ok
06:54:01.0507 3160 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
06:54:01.0507 3160 adp94xx - ok
06:54:01.0538 3160 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
06:54:01.0554 3160 adpahci - ok
06:54:01.0569 3160 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
06:54:01.0569 3160 adpu320 - ok
06:54:01.0600 3160 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
06:54:01.0600 3160 AeLookupSvc - ok
06:54:01.0647 3160 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
06:54:01.0647 3160 AESTFilters - ok
06:54:01.0788 3160 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
06:54:01.0803 3160 AFD - ok
06:54:01.0850 3160 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
06:54:01.0866 3160 agp440 - ok
06:54:01.0866 3160 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
06:54:01.0881 3160 ALG - ok
06:54:01.0897 3160 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
06:54:01.0897 3160 aliide - ok
06:54:01.0912 3160 [ 998021E7C3DE3E97E441ABACE498FFB6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
06:54:01.0928 3160 AMD External Events Utility - ok
06:54:01.0944 3160 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
06:54:01.0944 3160 amdide - ok
06:54:01.0975 3160 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
06:54:01.0975 3160 AmdK8 - ok
06:54:02.0115 3160 [ 250D5B746FFF9B7D88591EE60B63B3E4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
06:54:02.0146 3160 amdkmdag - ok
06:54:02.0178 3160 [ 781DAEC0C3E63950CCA53D193582F2E8 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
06:54:02.0193 3160 amdkmdap - ok
06:54:02.0209 3160 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
06:54:02.0209 3160 AmdPPM - ok
06:54:02.0240 3160 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
06:54:02.0240 3160 amdsata - ok
06:54:02.0271 3160 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
06:54:02.0287 3160 amdsbs - ok
06:54:02.0302 3160 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
06:54:02.0302 3160 amdxata - ok
06:54:02.0380 3160 [ 50B8638D9B335B78DFDBD6BB2A0FFCC7 ] AntiVirFirewallService C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
06:54:02.0380 3160 AntiVirFirewallService - ok
06:54:02.0396 3160 [ 64F64BD9EBB0B2CDDDC4A14B0692CC6D ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
06:54:02.0396 3160 AntiVirMailService - ok
06:54:02.0443 3160 [ C6D49917FA843852075F7E4F7029C9D7 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
06:54:02.0443 3160 AntiVirSchedulerService - ok
06:54:02.0458 3160 [ EFD2BB1DA2F7E34AB46AE8C356CC1753 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
06:54:02.0458 3160 AntiVirService - ok
06:54:02.0505 3160 [ 7E1D585A3B478B561B414E841D1742D3 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
06:54:02.0521 3160 AntiVirWebService - ok
06:54:02.0552 3160 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
06:54:02.0552 3160 AppID - ok
06:54:02.0568 3160 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
06:54:02.0583 3160 AppIDSvc - ok
06:54:02.0583 3160 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
06:54:02.0599 3160 Appinfo - ok
06:54:02.0646 3160 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
06:54:02.0661 3160 Apple Mobile Device - ok
06:54:02.0708 3160 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
06:54:02.0708 3160 arc - ok
06:54:02.0755 3160 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
06:54:02.0755 3160 arcsas - ok
06:54:02.0895 3160 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
06:54:02.0895 3160 aspnet_state - ok
06:54:02.0989 3160 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
06:54:03.0004 3160 AsyncMac - ok
06:54:03.0020 3160 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
06:54:03.0036 3160 atapi - ok
06:54:03.0051 3160 [ CBD14F698DEF12EE3557604B726CB8EB ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
06:54:03.0067 3160 AtiHDAudioService - ok
06:54:03.0098 3160 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
06:54:03.0114 3160 AudioEndpointBuilder - ok
06:54:03.0114 3160 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
06:54:03.0129 3160 AudioSrv - ok
06:54:03.0160 3160 [ 33EED63EC03EB4F1E32AE98548EF8D82 ] avfwim C:\Windows\system32\DRIVERS\avfwim.sys
06:54:03.0160 3160 avfwim - ok
06:54:03.0223 3160 [ ABE753B6883F2AD24654F74718FFD6E9 ] avfwot C:\Windows\system32\DRIVERS\avfwot.sys
06:54:03.0223 3160 avfwot - ok
06:54:03.0238 3160 [ B1224E6B086CD6548315B04AB575A23E ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
06:54:03.0238 3160 avgntflt - ok
06:54:03.0254 3160 [ ED45F12CFA62B83765C9C1496758CC87 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
06:54:03.0270 3160 avipbb - ok
06:54:03.0270 3160 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
06:54:03.0285 3160 AxInstSV - ok
06:54:03.0316 3160 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
06:54:03.0316 3160 b06bdrv - ok
06:54:03.0348 3160 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
06:54:03.0348 3160 b57nd60a - ok
06:54:03.0394 3160 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
06:54:03.0394 3160 BBSvc - ok
06:54:03.0426 3160 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
06:54:03.0426 3160 BDESVC - ok
06:54:03.0472 3160 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
06:54:03.0472 3160 Beep - ok
06:54:03.0504 3160 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
06:54:03.0519 3160 BFE - ok
06:54:03.0644 3160 [ 2175FBC1639E623872081B0F057409C8 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20110519.002\BHDrvx64.sys
06:54:03.0660 3160 BHDrvx64 - ok
06:54:03.0706 3160 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
06:54:03.0706 3160 BITS - ok
06:54:03.0738 3160 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
06:54:03.0738 3160 blbdrive - ok
06:54:03.0769 3160 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
06:54:03.0769 3160 Bonjour Service - ok
06:54:03.0800 3160 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
06:54:03.0800 3160 bowser - ok
06:54:03.0831 3160 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
06:54:03.0831 3160 BrFiltLo - ok
06:54:03.0847 3160 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
06:54:03.0847 3160 BrFiltUp - ok
06:54:03.0862 3160 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
06:54:03.0862 3160 BridgeMP - ok
06:54:03.0909 3160 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
06:54:03.0925 3160 Browser - ok
06:54:03.0940 3160 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
06:54:03.0940 3160 Brserid - ok
06:54:03.0956 3160 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
06:54:03.0956 3160 BrSerWdm - ok
06:54:03.0972 3160 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
06:54:03.0972 3160 BrUsbMdm - ok
06:54:03.0987 3160 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
06:54:03.0987 3160 BrUsbSer - ok
06:54:03.0987 3160 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
06:54:04.0003 3160 BTHMODEM - ok
06:54:04.0018 3160 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
06:54:04.0018 3160 bthserv - ok
06:54:04.0050 3160 catchme - ok
06:54:04.0159 3160 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys
06:54:04.0159 3160 ccSet_NIS - ok
06:54:04.0206 3160 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
06:54:04.0206 3160 cdfs - ok
06:54:04.0221 3160 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
06:54:04.0221 3160 cdrom - ok
06:54:04.0237 3160 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
06:54:04.0252 3160 CertPropSvc - ok
06:54:04.0252 3160 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
06:54:04.0252 3160 circlass - ok
06:54:04.0268 3160 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
06:54:04.0284 3160 CLFS - ok
06:54:04.0362 3160 [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_38F51D56 c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe
06:54:04.0440 3160 CLKMSVC10_38F51D56 - ok
06:54:04.0518 3160 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:54:04.0549 3160 clr_optimization_v2.0.50727_32 - ok
06:54:04.0596 3160 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
06:54:04.0596 3160 clr_optimization_v2.0.50727_64 - ok
06:54:04.0627 3160 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:54:04.0627 3160 clr_optimization_v4.0.30319_32 - ok
06:54:04.0658 3160 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
06:54:04.0658 3160 clr_optimization_v4.0.30319_64 - ok
06:54:04.0689 3160 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
06:54:04.0689 3160 CmBatt - ok
06:54:04.0705 3160 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
06:54:04.0720 3160 cmdide - ok
06:54:04.0798 3160 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
06:54:04.0798 3160 CNG - ok
06:54:04.0814 3160 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
06:54:04.0830 3160 Compbatt - ok
06:54:04.0845 3160 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
06:54:04.0861 3160 CompositeBus - ok
06:54:04.0861 3160 COMSysApp - ok
06:54:04.0892 3160 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
06:54:04.0892 3160 crcdisk - ok
06:54:04.0939 3160 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
06:54:04.0939 3160 CryptSvc - ok
06:54:05.0001 3160 [ F02D7FD231AF76C69A8F09C619DEE384 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
06:54:05.0001 3160 ctxusbm - ok
06:54:05.0048 3160 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
06:54:05.0048 3160 DcomLaunch - ok
06:54:05.0079 3160 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
06:54:05.0079 3160 defragsvc - ok
06:54:05.0110 3160 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
06:54:05.0110 3160 DfsC - ok
06:54:05.0126 3160 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
06:54:05.0142 3160 Dhcp - ok
06:54:05.0157 3160 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
06:54:05.0157 3160 discache - ok
06:54:05.0173 3160 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
06:54:05.0173 3160 Disk - ok
06:54:05.0204 3160 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
06:54:05.0204 3160 Dnscache - ok
06:54:05.0220 3160 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
06:54:05.0235 3160 dot3svc - ok
06:54:05.0266 3160 [ B42ED0320C6E41102FDE0005154849BB ] dot4 C:\Windows\system32\DRIVERS\Dot4.sys
06:54:05.0266 3160 dot4 - ok
06:54:05.0282 3160 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
06:54:05.0282 3160 Dot4Print - ok
06:54:05.0298 3160 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
06:54:05.0298 3160 dot4usb - ok
06:54:05.0329 3160 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
06:54:05.0329 3160 DPS - ok
06:54:05.0360 3160 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
06:54:05.0360 3160 drmkaud - ok
06:54:05.0391 3160 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
06:54:05.0407 3160 DXGKrnl - ok
06:54:05.0422 3160 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
06:54:05.0422 3160 EapHost - ok
06:54:05.0485 3160 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
06:54:05.0516 3160 ebdrv - ok
06:54:05.0516 3160 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
06:54:05.0532 3160 EFS - ok
06:54:05.0578 3160 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
06:54:05.0578 3160 ehRecvr - ok
06:54:05.0594 3160 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
06:54:05.0610 3160 ehSched - ok
06:54:05.0625 3160 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
06:54:05.0641 3160 elxstor - ok
06:54:05.0656 3160 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
06:54:05.0656 3160 ErrDev - ok
06:54:05.0688 3160 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
06:54:05.0688 3160 EventSystem - ok
06:54:05.0719 3160 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
06:54:05.0719 3160 exfat - ok
06:54:05.0750 3160 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
06:54:05.0750 3160 fastfat - ok
06:54:05.0781 3160 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
06:54:05.0797 3160 Fax - ok
06:54:05.0797 3160 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
06:54:05.0812 3160 fdc - ok
06:54:05.0812 3160 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
06:54:05.0828 3160 fdPHost - ok
06:54:05.0828 3160 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
06:54:05.0844 3160 FDResPub - ok
06:54:05.0844 3160 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
06:54:05.0859 3160 FileInfo - ok
06:54:05.0875 3160 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
06:54:05.0875 3160 Filetrace - ok
06:54:05.0937 3160 [ 98AB9EFEFD56483BA2F5FCD09691112F ] Fitbit C:\Program Files (x86)\Fitbit\fitbit.exe
06:54:05.0953 3160 Fitbit - ok
06:54:06.0015 3160 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
06:54:06.0062 3160 FLEXnet Licensing Service - ok
06:54:06.0093 3160 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
06:54:06.0109 3160 flpydisk - ok
06:54:06.0124 3160 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
06:54:06.0124 3160 FltMgr - ok
06:54:06.0171 3160 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
06:54:06.0187 3160 FontCache - ok
06:54:06.0234 3160 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
06:54:06.0249 3160 FontCache3.0.0.0 - ok
06:54:06.0280 3160 [ 71CDC1D7F58D5EC49EBC2E2332AD3FAE ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
06:54:06.0280 3160 FPLService - ok
06:54:06.0296 3160 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
06:54:06.0296 3160 FsDepends - ok
06:54:06.0343 3160 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
06:54:06.0343 3160 Fs_Rec - ok
06:54:06.0358 3160 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
06:54:06.0374 3160 fvevol - ok
06:54:06.0390 3160 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
06:54:06.0405 3160 gagp30kx - ok
06:54:06.0421 3160 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
06:54:06.0468 3160 GamesAppService - ok
06:54:06.0546 3160 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
06:54:06.0546 3160 GEARAspiWDM - ok
06:54:06.0592 3160 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
06:54:06.0608 3160 gpsvc - ok
06:54:06.0639 3160 [ B9893A68032A6D9ADDB5B98287C630F7 ] grmnusb C:\Windows\system32\drivers\grmnusb.sys
06:54:06.0655 3160 grmnusb - ok
06:54:06.0733 3160 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:54:06.0748 3160 gupdate - ok
06:54:06.0795 3160 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:54:06.0795 3160 gupdatem - ok
06:54:06.0826 3160 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
06:54:06.0858 3160 gusvc - ok
06:54:06.0920 3160 [ 02B592C2AECFF69F844AA8F4520C39E9 ] HCW723x C:\Windows\system32\DRIVERS\HCW723x.sys
06:54:06.0951 3160 HCW723x - ok
06:54:06.0967 3160 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
06:54:06.0967 3160 hcw85cir - ok
06:54:07.0014 3160 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
06:54:07.0014 3160 HdAudAddService - ok
06:54:07.0029 3160 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
06:54:07.0029 3160 HDAudBus - ok
06:54:07.0045 3160 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
06:54:07.0045 3160 HidBatt - ok
06:54:07.0060 3160 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
06:54:07.0060 3160 HidBth - ok
06:54:07.0076 3160 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
06:54:07.0076 3160 HidIr - ok
06:54:07.0107 3160 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
06:54:07.0107 3160 hidserv - ok
06:54:07.0123 3160 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
06:54:07.0123 3160 HidUsb - ok
06:54:07.0138 3160 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
06:54:07.0138 3160 hkmsvc - ok
06:54:07.0154 3160 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
06:54:07.0170 3160 HomeGroupListener - ok
06:54:07.0185 3160 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
06:54:07.0201 3160 HomeGroupProvider - ok
06:54:07.0263 3160 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
06:54:07.0263 3160 HP Support Assistant Service - ok
06:54:07.0326 3160 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
06:54:07.0326 3160 HPClientSvc - ok
06:54:07.0372 3160 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
06:54:07.0372 3160 HPDrvMntSvc.exe - ok
06:54:07.0404 3160 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
06:54:07.0450 3160 hpqwmiex - ok
06:54:07.0482 3160 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
06:54:07.0497 3160 HpSAMD - ok
06:54:07.0528 3160 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
06:54:07.0544 3160 HTTP - ok
06:54:07.0560 3160 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
06:54:07.0560 3160 hwpolicy - ok
06:54:07.0591 3160 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
06:54:07.0591 3160 i8042prt - ok
06:54:07.0622 3160 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\drivers\iaStor.sys
06:54:07.0622 3160 iaStor - ok
06:54:07.0653 3160 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
06:54:07.0653 3160 iaStorV - ok
06:54:07.0700 3160 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:54:07.0731 3160 idsvc - ok
06:54:07.0778 3160 [ 34AC90D62C9F003A470183393C061D84 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20110519.031\IDSVia64.sys
06:54:07.0778 3160 IDSVia64 - ok
06:54:07.0887 3160 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
06:54:07.0918 3160 igfx - ok
06:54:07.0934 3160 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
06:54:07.0934 3160 iirsp - ok
06:54:07.0965 3160 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
06:54:07.0981 3160 IKEEXT - ok
06:54:07.0996 3160 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
06:54:08.0012 3160 intelide - ok
06:54:08.0028 3160 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
06:54:08.0028 3160 intelppm - ok
06:54:08.0028 3160 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
06:54:08.0043 3160 IPBusEnum - ok
06:54:08.0059 3160 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:54:08.0059 3160 IpFilterDriver - ok
06:54:08.0074 3160 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
06:54:08.0090 3160 iphlpsvc - ok
06:54:08.0106 3160 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
06:54:08.0106 3160 IPMIDRV - ok
06:54:08.0121 3160 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
06:54:08.0121 3160 IPNAT - ok
06:54:08.0152 3160 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
06:54:08.0168 3160 iPod Service - ok
06:54:08.0184 3160 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
06:54:08.0184 3160 IRENUM - ok
06:54:08.0215 3160 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
06:54:08.0215 3160 isapnp - ok
06:54:08.0230 3160 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
06:54:08.0230 3160 iScsiPrt - ok
06:54:08.0262 3160 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
06:54:08.0277 3160 jhi_service - ok
06:54:08.0293 3160 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
06:54:08.0293 3160 kbdclass - ok
06:54:08.0308 3160 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
06:54:08.0308 3160 kbdhid - ok
06:54:08.0308 3160 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
06:54:08.0324 3160 KeyIso - ok
06:54:08.0355 3160 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
06:54:08.0355 3160 KSecDD - ok
06:54:08.0371 3160 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
06:54:08.0386 3160 KSecPkg - ok
06:54:08.0402 3160 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
06:54:08.0418 3160 ksthunk - ok
06:54:08.0433 3160 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
06:54:08.0449 3160 KtmRm - ok
06:54:08.0480 3160 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
06:54:08.0480 3160 LanmanServer - ok
06:54:08.0511 3160 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
06:54:08.0527 3160 LanmanWorkstation - ok
06:54:08.0589 3160 [ 88E52495B47C67126B510AF53FDB0BC7 ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
06:54:08.0605 3160 LBTServ - ok
06:54:08.0620 3160 [ BECBD7CD46776B8739EE18061F45A581 ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys
06:54:08.0620 3160 LEqdUsb - ok
06:54:08.0636 3160 [ 21D6BD7D62C270059EB8E2B1D4095880 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys
06:54:08.0636 3160 LHidEqd - ok
06:54:08.0652 3160 [ B6552D382FF070B4ED34CBD6737277C0 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
06:54:08.0652 3160 LHidFilt - ok
06:54:08.0667 3160 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
06:54:08.0667 3160 lltdio - ok
06:54:08.0698 3160 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
06:54:08.0698 3160 lltdsvc - ok
06:54:08.0714 3160 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
06:54:08.0714 3160 lmhosts - ok
06:54:08.0730 3160 [ 73C1F563AB73D459DFFE682D66476558 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
06:54:08.0745 3160 LMouFilt - ok
06:54:08.0792 3160 [ D75C4B4A8FE6D7FD74A7EECDBAEC729F ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
06:54:08.0808 3160 LMS - ok
06:54:08.0823 3160 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
06:54:08.0839 3160 LSI_FC - ok
06:54:08.0839 3160 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
06:54:08.0854 3160 LSI_SAS - ok
06:54:08.0870 3160 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
06:54:08.0870 3160 LSI_SAS2 - ok
06:54:08.0886 3160 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
06:54:08.0886 3160 LSI_SCSI - ok
06:54:08.0917 3160 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
06:54:08.0917 3160 luafv - ok
06:54:08.0932 3160 MagicTune - ok
06:54:08.0979 3160 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
06:54:08.0979 3160 MBAMProtector - ok
06:54:09.0010 3160 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
06:54:09.0026 3160 MBAMScheduler - ok
06:54:09.0057 3160 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
06:54:09.0073 3160 MBAMService - ok
06:54:09.0104 3160 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
06:54:09.0104 3160 Mcx2Svc - ok
06:54:09.0135 3160 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
06:54:09.0135 3160 megasas - ok
06:54:09.0166 3160 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
06:54:09.0166 3160 MegaSR - ok
06:54:09.0182 3160 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys
06:54:09.0182 3160 MEIx64 - ok
06:54:09.0229 3160 Microsoft SharePoint Workspace Audit Service - ok
06:54:09.0244 3160 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
06:54:09.0244 3160 MMCSS - ok
06:54:09.0260 3160 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
06:54:09.0260 3160 Modem - ok
06:54:09.0291 3160 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
06:54:09.0291 3160 monitor - ok
06:54:09.0307 3160 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
06:54:09.0307 3160 mouclass - ok
06:54:09.0322 3160 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
06:54:09.0322 3160 mouhid - ok
06:54:09.0338 3160 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
06:54:09.0338 3160 mountmgr - ok
06:54:09.0354 3160 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
06:54:09.0369 3160 mpio - ok
06:54:09.0369 3160 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
06:54:09.0385 3160 mpsdrv - ok
06:54:09.0416 3160 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
06:54:09.0432 3160 MpsSvc - ok
06:54:09.0447 3160 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
06:54:09.0463 3160 MRxDAV - ok
06:54:09.0478 3160 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
06:54:09.0494 3160 mrxsmb - ok
06:54:09.0510 3160 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:54:09.0525 3160 mrxsmb10 - ok
06:54:09.0541 3160 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:54:09.0541 3160 mrxsmb20 - ok
06:54:09.0556 3160 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
06:54:09.0556 3160 msahci - ok
06:54:09.0572 3160 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
06:54:09.0588 3160 msdsm - ok
06:54:09.0603 3160 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
06:54:09.0603 3160 MSDTC - ok
06:54:09.0634 3160 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
06:54:09.0634 3160 Msfs - ok
06:54:09.0650 3160 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
06:54:09.0650 3160 mshidkmdf - ok
06:54:09.0666 3160 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
06:54:09.0666 3160 msisadrv - ok
06:54:09.0681 3160 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
06:54:09.0697 3160 MSiSCSI - ok
06:54:09.0697 3160 msiserver - ok
06:54:09.0697 3160 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
06:54:09.0712 3160 MSKSSRV - ok
06:54:09.0728 3160 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
06:54:09.0728 3160 MSPCLOCK - ok
06:54:09.0728 3160 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
06:54:09.0728 3160 MSPQM - ok
06:54:09.0744 3160 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
06:54:09.0759 3160 MsRPC - ok
06:54:09.0790 3160 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
06:54:09.0790 3160 mssmbios - ok
06:54:09.0790 3160 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
06:54:09.0790 3160 MSTEE - ok
06:54:09.0806 3160 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
06:54:09.0806 3160 MTConfig - ok
06:54:09.0837 3160 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
06:54:09.0837 3160 Mup - ok
06:54:09.0931 3160 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
06:54:09.0946 3160 napagent - ok
06:54:09.0978 3160 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
06:54:09.0978 3160 NativeWifiP - ok
06:54:10.0009 3160 [ F594E1ACBBB3BA48586B5DD69B3A6BC2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20110607.003\ENG64.SYS
06:54:10.0024 3160 NAVENG - ok
06:54:10.0056 3160 [ CFE00B55488ACF0CD9F62B0401297864 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20110607.003\EX64.SYS
06:54:10.0087 3160 NAVEX15 - ok
06:54:10.0134 3160 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
06:54:10.0134 3160 NDIS - ok
06:54:10.0165 3160 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
06:54:10.0165 3160 NdisCap - ok
06:54:10.0180 3160 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
06:54:10.0180 3160 NdisTapi - ok
06:54:10.0196 3160 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
06:54:10.0212 3160 Ndisuio - ok
06:54:10.0212 3160 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
06:54:10.0227 3160 NdisWan - ok
06:54:10.0243 3160 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
06:54:10.0243 3160 NDProxy - ok
06:54:10.0258 3160 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
06:54:10.0258 3160 NetBIOS - ok
06:54:10.0274 3160 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
06:54:10.0290 3160 NetBT - ok
06:54:10.0305 3160 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
06:54:10.0305 3160 Netlogon - ok
06:54:10.0321 3160 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
06:54:10.0336 3160 Netman - ok
06:54:10.0352 3160 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:54:10.0399 3160 NetMsmqActivator - ok
06:54:10.0430 3160 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:54:10.0446 3160 NetPipeActivator - ok
06:54:10.0461 3160 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
06:54:10.0461 3160 netprofm - ok
06:54:10.0508 3160 [ 8B5D2D7CB0EF5B1967860B8AB742A46C ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
06:54:10.0524 3160 netr28x - ok
06:54:10.0524 3160 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:54:10.0524 3160 NetTcpActivator - ok
06:54:10.0539 3160 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:54:10.0539 3160 NetTcpPortSharing - ok
06:54:10.0555 3160 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
06:54:10.0555 3160 nfrd960 - ok
06:54:10.0633 3160 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
06:54:10.0648 3160 NIS - ok
06:54:10.0664 3160 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
06:54:10.0664 3160 NlaSvc - ok
06:54:10.0758 3160 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
06:54:10.0789 3160 NOBU - ok
06:54:10.0836 3160 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
06:54:10.0836 3160 Npfs - ok
06:54:10.0882 3160 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
06:54:10.0882 3160 nsi - ok
06:54:10.0882 3160 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
06:54:10.0898 3160 nsiproxy - ok
06:54:10.0960 3160 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
06:54:10.0976 3160 Ntfs - ok
06:54:10.0992 3160 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
06:54:10.0992 3160 Null - ok
06:54:11.0038 3160 [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
06:54:11.0038 3160 nusb3hub - ok
06:54:11.0070 3160 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
06:54:11.0070 3160 nusb3xhc - ok
06:54:11.0085 3160 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
06:54:11.0101 3160 nvraid - ok
06:54:11.0101 3160 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
06:54:11.0116 3160 nvstor - ok
06:54:11.0132 3160 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
06:54:11.0148 3160 nv_agp - ok
06:54:11.0163 3160 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
06:54:11.0179 3160 ohci1394 - ok
06:54:11.0210 3160 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:54:11.0226 3160 ose - ok
06:54:11.0335 3160 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
06:54:11.0366 3160 osppsvc - ok
06:54:11.0413 3160 [ 5F79934084DF6DC0635578864376CE54 ] OV550I C:\Windows\system32\Drivers\FilmScan.sys
06:54:11.0428 3160 OV550I - ok
06:54:11.0460 3160 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
06:54:11.0460 3160 p2pimsvc - ok
06:54:11.0475 3160 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
06:54:11.0491 3160 p2psvc - ok
06:54:11.0522 3160 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
06:54:11.0522 3160 Parport - ok
06:54:11.0569 3160 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
06:54:11.0569 3160 partmgr - ok
06:54:11.0584 3160 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
06:54:11.0600 3160 PcaSvc - ok
06:54:11.0600 3160 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
06:54:11.0600 3160 pci - ok
06:54:11.0631 3160 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
06:54:11.0631 3160 pciide - ok
06:54:11.0662 3160 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
06:54:11.0662 3160 pcmcia - ok
06:54:11.0678 3160 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
06:54:11.0678 3160 pcw - ok
06:54:11.0740 3160 pdfcDispatcher - ok
06:54:11.0787 3160 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
06:54:11.0803 3160 PEAUTH - ok
06:54:11.0896 3160 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
06:54:11.0896 3160 PerfHost - ok
06:54:11.0959 3160 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
06:54:11.0974 3160 pla - ok
06:54:11.0990 3160 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
06:54:12.0006 3160 PlugPlay - ok
06:54:12.0037 3160 [ 64CA1485214340CACC315FFDFDED73EF ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
06:54:12.0037 3160 Pml Driver HPZ12 - ok
06:54:12.0052 3160 [ 0BEE791C7C7ACE453C134E73633C497D ] pmxdrv C:\Windows\system32\drivers\pmxdrv.sys
06:54:12.0052 3160 pmxdrv - ok
06:54:12.0068 3160 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
06:54:12.0068 3160 PNRPAutoReg - ok
06:54:12.0099 3160 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
06:54:12.0099 3160 PNRPsvc - ok
06:54:12.0130 3160 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
06:54:12.0130 3160 PolicyAgent - ok
06:54:12.0162 3160 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
06:54:12.0162 3160 Power - ok
06:54:12.0193 3160 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
06:54:12.0193 3160 PptpMiniport - ok
06:54:12.0208 3160 [ 87D84513E913011CE408BFA99903965C ] PRESONUS_AUDIOBOX_MIDI C:\Windows\system32\drivers\psabusbm.sys
06:54:12.0224 3160 PRESONUS_AUDIOBOX_MIDI - ok
06:54:12.0255 3160 [ 96D337F025ABAFE7CADDDEC495413895 ] PRESONUS_AUDIOBOX_USB C:\Windows\system32\Drivers\psabusbu.sys
06:54:12.0255 3160 PRESONUS_AUDIOBOX_USB - ok
06:54:12.0286 3160 [ 5F1134087929E1A0D3A8E0BBDEC89A8B ] PRESONUS_AUDIOBOX_WDM C:\Windows\system32\drivers\psabusba.sys
06:54:12.0286 3160 PRESONUS_AUDIOBOX_WDM - ok
06:54:12.0302 3160 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
06:54:12.0302 3160 Processor - ok
06:54:12.0364 3160 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
06:54:12.0364 3160 ProfSvc - ok
06:54:12.0380 3160 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
06:54:12.0380 3160 ProtectedStorage - ok
06:54:12.0396 3160 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
06:54:12.0396 3160 Psched - ok
06:54:12.0442 3160 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
06:54:12.0442 3160 PxHlpa64 - ok
06:54:12.0489 3160 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
06:54:12.0505 3160 ql2300 - ok
06:54:12.0520 3160 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
06:54:12.0520 3160 ql40xx - ok
06:54:12.0552 3160 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
06:54:12.0567 3160 QWAVE - ok
06:54:12.0583 3160 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
06:54:12.0583 3160 QWAVEdrv - ok
06:54:12.0598 3160 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
06:54:12.0598 3160 RasAcd - ok
06:54:12.0614 3160 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
06:54:12.0614 3160 RasAgileVpn - ok
06:54:12.0645 3160 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
06:54:12.0645 3160 RasAuto - ok
06:54:12.0661 3160 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
06:54:12.0661 3160 Rasl2tp - ok
06:54:12.0676 3160 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
06:54:12.0692 3160 RasMan - ok
06:54:12.0692 3160 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
06:54:12.0708 3160 RasPppoe - ok
06:54:12.0723 3160 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
06:54:12.0723 3160 RasSstp - ok
06:54:12.0754 3160 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
06:54:12.0770 3160 rdbss - ok
06:54:12.0786 3160 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
06:54:12.0786 3160 rdpbus - ok
06:54:12.0801 3160 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
06:54:12.0801 3160 RDPCDD - ok
06:54:12.0801 3160 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
06:54:12.0817 3160 RDPENCDD - ok
06:54:12.0817 3160 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
06:54:12.0817 3160 RDPREFMP - ok
06:54:12.0864 3160 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
06:54:12.0864 3160 RDPWD - ok
06:54:12.0879 3160 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
06:54:12.0879 3160 rdyboost - ok
06:54:12.0910 3160 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
06:54:12.0910 3160 RemoteAccess - ok
06:54:12.0942 3160 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
06:54:12.0942 3160 RemoteRegistry - ok
06:54:12.0988 3160 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
06:54:13.0004 3160 RoxioNow Service - ok
06:54:13.0020 3160 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
06:54:13.0020 3160 RpcEptMapper - ok
06:54:13.0035 3160 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
06:54:13.0035 3160 RpcLocator - ok
06:54:13.0051 3160 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
06:54:13.0066 3160 RpcSs - ok
06:54:13.0098 3160 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
06:54:13.0098 3160 rspndr - ok
06:54:13.0129 3160 [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
06:54:13.0129 3160 RTL8167 - ok
06:54:13.0144 3160 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
06:54:13.0144 3160 SamSs - ok
06:54:13.0176 3160 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
06:54:13.0176 3160 sbp2port - ok
06:54:13.0207 3160 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
06:54:13.0207 3160 SCardSvr - ok
06:54:13.0222 3160 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
06:54:13.0222 3160 scfilter - ok
06:54:13.0254 3160 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
06:54:13.0269 3160 Schedule - ok
06:54:13.0285 3160 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
06:54:13.0285 3160 SCPolicySvc - ok
06:54:13.0300 3160 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
06:54:13.0316 3160 SDRSVC - ok
06:54:13.0347 3160 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
06:54:13.0363 3160 SeaPort - ok
06:54:13.0378 3160 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
06:54:13.0394 3160 secdrv - ok
06:54:13.0410 3160 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
06:54:13.0410 3160 seclogon - ok
06:54:13.0425 3160 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
06:54:13.0425 3160 SENS - ok
06:54:13.0441 3160 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
06:54:13.0441 3160 SensrSvc - ok
06:54:13.0456 3160 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
06:54:13.0456 3160 Serenum - ok
06:54:13.0472 3160 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
06:54:13.0472 3160 Serial - ok
06:54:13.0503 3160 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
06:54:13.0503 3160 sermouse - ok
06:54:13.0519 3160 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
06:54:13.0534 3160 SessionEnv - ok
06:54:13.0550 3160 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
06:54:13.0550 3160 sffdisk - ok
06:54:13.0566 3160 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
06:54:13.0566 3160 sffp_mmc - ok
06:54:13.0581 3160 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
06:54:13.0581 3160 sffp_sd - ok
06:54:13.0597 3160 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
06:54:13.0597 3160 sfloppy - ok
06:54:13.0659 3160 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
06:54:13.0675 3160 SharedAccess - ok
06:54:13.0690 3160 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
06:54:13.0690 3160 ShellHWDetection - ok
06:54:13.0722 3160 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
06:54:13.0722 3160 SiSRaid2 - ok
06:54:13.0737 3160 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
06:54:13.0737 3160 SiSRaid4 - ok
06:54:13.0768 3160 [ 4C9F8E72F87F50A6125AAA31B63B2D18 ] SIUSBXP C:\Windows\system32\drivers\SiUSBXp.sys
06:54:13.0784 3160 SIUSBXP - ok
06:54:13.0800 3160 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
06:54:13.0800 3160 Smb - ok
06:54:13.0831 3160 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
06:54:13.0831 3160 SNMPTRAP - ok
06:54:13.0846 3160 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
06:54:13.0846 3160 spldr - ok
06:54:13.0909 3160 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
06:54:13.0909 3160 Spooler - ok
06:54:13.0971 3160 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
06:54:14.0018 3160 sppsvc - ok
06:54:14.0018 3160 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
06:54:14.0034 3160 sppuinotify - ok
06:54:14.0127 3160 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS
06:54:14.0143 3160 SRTSP - ok
06:54:14.0158 3160 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS
06:54:14.0158 3160 SRTSPX - ok
06:54:14.0205 3160 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
06:54:14.0221 3160 srv - ok
06:54:14.0236 3160 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
06:54:14.0236 3160 srv2 - ok
06:54:14.0252 3160 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
06:54:14.0268 3160 srvnet - ok
06:54:14.0283 3160 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
06:54:14.0283 3160 SSDPSRV - ok
06:54:14.0299 3160 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
06:54:14.0314 3160 SstpSvc - ok
06:54:14.0361 3160 [ 4C351F1A847EBBD3AF39A229A699DC29 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
06:54:14.0377 3160 STacSV - ok
06:54:14.0377 3160 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
06:54:14.0392 3160 stexstor - ok
06:54:14.0408 3160 [ DCC8845692DEA3477BCF6CE9D06C711F ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
06:54:14.0424 3160 STHDA - ok
06:54:14.0439 3160 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
06:54:14.0439 3160 StillCam - ok
06:54:14.0470 3160 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
06:54:14.0486 3160 stisvc - ok
06:54:14.0502 3160 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
06:54:14.0502 3160 swenum - ok
06:54:14.0595 3160 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
06:54:14.0642 3160 SwitchBoard - ok
06:54:14.0689 3160 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
06:54:14.0704 3160 swprv - ok
06:54:14.0782 3160 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS
06:54:14.0798 3160 SymDS - ok
06:54:14.0860 3160 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS
06:54:14.0876 3160 SymEFA - ok
06:54:14.0923 3160 [ 894579207E39C465737E850A252CE4F2 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
06:54:14.0923 3160 SymEvent - ok
06:54:14.0954 3160 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS
06:54:14.0954 3160 SymIRON - ok
06:54:14.0985 3160 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS
06:54:15.0001 3160 SymNetS - ok
06:54:15.0048 3160 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
06:54:15.0063 3160 SysMain - ok
06:54:15.0079 3160 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
06:54:15.0094 3160 TabletInputService - ok
06:54:15.0110 3160 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
06:54:15.0110 3160 TapiSrv - ok
06:54:15.0141 3160 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
06:54:15.0141 3160 TBS - ok
06:54:15.0219 3160 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
06:54:15.0250 3160 Tcpip - ok
06:54:15.0266 3160 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
06:54:15.0282 3160 TCPIP6 - ok
06:54:15.0297 3160 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
06:54:15.0297 3160 tcpipreg - ok
06:54:15.0313 3160 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
06:54:15.0313 3160 TDPIPE - ok
06:54:15.0344 3160 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
06:54:15.0360 3160 TDTCP - ok
06:54:15.0375 3160 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
06:54:15.0375 3160 tdx - ok
06:54:15.0406 3160 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
06:54:15.0406 3160 TermDD - ok
06:54:15.0438 3160 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
06:54:15.0453 3160 TermService - ok
06:54:15.0453 3160 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
06:54:15.0469 3160 Themes - ok
06:54:15.0484 3160 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
06:54:15.0484 3160 THREADORDER - ok
06:54:15.0500 3160 [ FF879027C552A37897D107BE6CEDF6DF ] tihub3 C:\Windows\system32\drivers\tihub3.sys
06:54:15.0516 3160 tihub3 - ok
06:54:15.0547 3160 [ 133C3B4A3E44616F8F571A0EBBEF9B74 ] tixhci C:\Windows\system32\drivers\tixhci.sys
06:54:15.0562 3160 tixhci - ok
06:54:15.0578 3160 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
06:54:15.0578 3160 TrkWks - ok
06:54:15.0609 3160 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
06:54:15.0625 3160 TrustedInstaller - ok
06:54:15.0640 3160 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
06:54:15.0656 3160 tssecsrv - ok
06:54:15.0656 3160 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
06:54:15.0672 3160 TsUsbFlt - ok
06:54:15.0687 3160 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
06:54:15.0703 3160 TsUsbGD - ok
06:54:15.0703 3160 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
06:54:15.0718 3160 tunnel - ok
06:54:15.0734 3160 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
06:54:15.0734 3160 uagp35 - ok
06:54:15.0750 3160 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
06:54:15.0765 3160 udfs - ok
06:54:15.0781 3160 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
06:54:15.0781 3160 UI0Detect - ok
06:54:15.0796 3160 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
06:54:15.0796 3160 uliagpkx - ok
06:54:15.0828 3160 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
06:54:15.0828 3160 umbus - ok
06:54:15.0843 3160 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
06:54:15.0843 3160 UmPass - ok
06:54:15.0921 3160 [ 758C2CE427C343F780A205E28555C98D ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
06:54:15.0952 3160 UNS - ok
06:54:15.0968 3160 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
06:54:15.0968 3160 upnphost - ok
06:54:15.0999 3160 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
06:54:16.0015 3160 USBAAPL64 - ok
06:54:16.0030 3160 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
06:54:16.0046 3160 usbaudio - ok
06:54:16.0062 3160 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
06:54:16.0062 3160 usbccgp - ok
06:54:16.0077 3160 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
06:54:16.0093 3160 usbcir - ok
06:54:16.0108 3160 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
06:54:16.0108 3160 usbehci - ok
06:54:16.0124 3160 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
06:54:16.0140 3160 usbhub - ok
06:54:16.0155 3160 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
06:54:16.0155 3160 usbohci - ok
06:54:16.0171 3160 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
06:54:16.0171 3160 usbprint - ok
06:54:16.0186 3160 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:54:16.0186 3160 USBSTOR - ok
06:54:16.0202 3160 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
06:54:16.0218 3160 usbuhci - ok
06:54:16.0233 3160 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
06:54:16.0233 3160 UxSms - ok
06:54:16.0249 3160 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
06:54:16.0249 3160 VaultSvc - ok
06:54:16.0264 3160 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
06:54:16.0264 3160 vdrvroot - ok
06:54:16.0280 3160 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
06:54:16.0296 3160 vds - ok
06:54:16.0311 3160 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
06:54:16.0311 3160 vga - ok
06:54:16.0327 3160 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
06:54:16.0327 3160 VgaSave - ok
06:54:16.0342 3160 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
06:54:16.0358 3160 vhdmp - ok
06:54:16.0374 3160 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
06:54:16.0374 3160 viaide - ok
06:54:16.0389 3160 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
06:54:16.0389 3160 volmgr - ok
06:54:16.0405 3160 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
06:54:16.0420 3160 volmgrx - ok
06:54:16.0436 3160 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
06:54:16.0436 3160 volsnap - ok
06:54:16.0467 3160 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
06:54:16.0467 3160 vsmraid - ok
06:54:16.0514 3160 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
06:54:16.0530 3160 VSS - ok
06:54:16.0545 3160 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
06:54:16.0545 3160 vwifibus - ok
06:54:16.0561 3160 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
06:54:16.0561 3160 vwififlt - ok
06:54:16.0592 3160 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
06:54:16.0592 3160 vwifimp - ok
06:54:16.0608 3160 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
06:54:16.0623 3160 W32Time - ok
06:54:16.0639 3160 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
06:54:16.0639 3160 WacomPen - ok
06:54:16.0654 3160 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
06:54:16.0654 3160 WANARP - ok
06:54:16.0654 3160 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
06:54:16.0654 3160 Wanarpv6 - ok
06:54:16.0717 3160 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
06:54:16.0732 3160 WatAdminSvc - ok
06:54:16.0764 3160 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
06:54:16.0779 3160 wbengine - ok
06:54:16.0795 3160 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
06:54:16.0810 3160 WbioSrvc - ok
06:54:16.0810 3160 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
06:54:16.0826 3160 wcncsvc - ok
06:54:16.0826 3160 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
06:54:16.0826 3160 WcsPlugInService - ok
06:54:16.0857 3160 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
06:54:16.0857 3160 Wd - ok
06:54:16.0920 3160 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
06:54:16.0920 3160 WDC_SAM - ok
06:54:16.0935 3160 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
06:54:16.0951 3160 Wdf01000 - ok
06:54:16.0966 3160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
06:54:16.0966 3160 WdiServiceHost - ok
06:54:16.0966 3160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
06:54:16.0982 3160 WdiSystemHost - ok
06:54:16.0998 3160 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
06:54:16.0998 3160 WebClient - ok
06:54:17.0013 3160 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
06:54:17.0029 3160 Wecsvc - ok
06:54:17.0029 3160 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
06:54:17.0044 3160 wercplsupport - ok
06:54:17.0044 3160 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
06:54:17.0060 3160 WerSvc - ok
06:54:17.0060 3160 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
06:54:17.0076 3160 WfpLwf - ok
06:54:17.0076 3160 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
06:54:17.0091 3160 WIMMount - ok
06:54:17.0107 3160 WinDefend - ok
06:54:17.0107 3160 WinHttpAutoProxySvc - ok
06:54:17.0154 3160 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
06:54:17.0169 3160 Winmgmt - ok
06:54:17.0216 3160 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
06:54:17.0247 3160 WinRM - ok
06:54:17.0294 3160 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
06:54:17.0294 3160 WinUsb - ok
06:54:17.0325 3160 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
06:54:17.0341 3160 Wlansvc - ok
06:54:17.0372 3160 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
06:54:17.0372 3160 wlcrasvc - ok
06:54:17.0434 3160 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
06:54:17.0466 3160 wlidsvc - ok
06:54:17.0481 3160 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
06:54:17.0481 3160 WmiAcpi - ok
06:54:17.0497 3160 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
06:54:17.0497 3160 wmiApSrv - ok
06:54:17.0512 3160 WMPNetworkSvc - ok
06:54:17.0528 3160 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
06:54:17.0528 3160 WPCSvc - ok
06:54:17.0528 3160 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
06:54:17.0544 3160 WPDBusEnum - ok
06:54:17.0559 3160 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
06:54:17.0559 3160 ws2ifsl - ok
06:54:17.0575 3160 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
06:54:17.0590 3160 wscsvc - ok
06:54:17.0590 3160 WSearch - ok
06:54:17.0668 3160 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
06:54:17.0700 3160 wuauserv - ok
06:54:17.0715 3160 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
06:54:17.0715 3160 WudfPf - ok
06:54:17.0731 3160 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
06:54:17.0731 3160 WUDFRd - ok
06:54:17.0746 3160 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
06:54:17.0762 3160 wudfsvc - ok
06:54:17.0778 3160 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
06:54:17.0778 3160 WwanSvc - ok
06:54:17.0793 3160 ================ Scan global ===============================
06:54:17.0824 3160 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
06:54:17.0871 3160 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
06:54:17.0887 3160 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
06:54:17.0918 3160 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
06:54:17.0918 3160 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
06:54:17.0934 3160 [Global] - ok
06:54:17.0934 3160 ================ Scan MBR ==================================
06:54:17.0949 3160 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
06:54:18.0214 3160 \Device\Harddisk0\DR0 - ok
06:54:18.0214 3160 ================ Scan VBR ==================================
06:54:18.0214 3160 [ 4AD8CC44D09E1E998078F775BAA50940 ] \Device\Harddisk0\DR0\Partition1
06:54:18.0214 3160 \Device\Harddisk0\DR0\Partition1 - ok
06:54:18.0230 3160 [ 3BAD5C6B07CF06DA2CAA5226439B9246 ] \Device\Harddisk0\DR0\Partition2
06:54:18.0230 3160 \Device\Harddisk0\DR0\Partition2 - ok
06:54:18.0277 3160 [ FA00D25FC0F1027A1F8ABBB1A1707F57 ] \Device\Harddisk0\DR0\Partition3
06:54:18.0277 3160 \Device\Harddisk0\DR0\Partition3 - ok
06:54:18.0277 3160 ============================================================
06:54:18.0277 3160 Scan finished
06:54:18.0277 3160 ============================================================
06:54:18.0277 2088 Detected object count: 0
06:54:18.0277 2088 Actual detected object count: 0

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 PM

Posted 06 November 2012 - 11:40 AM

Hello


did you run the aswMBR program and did it make a report?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users