BSOD's & Rootkit.Boot.Pihar.c


  • This topic is locked
21 replies to this topic

#1 rebelnyell


Posted 24 March 2013 - 03:29 AM

I have been getting multiple BSODs upon logging onto my computer. In most cases the desktop begins to load and then the BSOD occurs. The BSOD message isn't consistent and this cycle repeats after each restart. Sometimes the error is PAGE_FAULT_IN_NONPAGED_AREA, SYSTEM_SERVICE_EXCEPTION, and sometimes no specific message at the top. Once in a while the computer just shuts down and no BSOD is displayed. Occasionally a BSOD won't occur immediately and I can use the computer for a while though it is still slow booting up and loading the desktop. I also encountered errors similar to the ones mentioned here http://www.bleepingcomputer.com/forums/t/478447/infected-with-rootkitbootpiharc/ with respect to running system restore on occasion. TDSS Killer did identify Rootkit.Boot.Pihar.c and cured it; following that Symantec Endpoint Protection (which I'm required to use at my college) began identifying Trojans from the TDSS Killer quarantine location and attempted to delete them. I also ran ComboFix which I realize now I should have probably waited to do. It ran fine and generated a log. I can post that if you'd like to see it.

My computer's an Asus G72GX-RBBX05 running 64-bit Windows 7. If any more information or clarification is needed just ask.

 

Here's the dds.txt file generated.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.5.1
Run by Matthew at 4:05:43 on 2013-03-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.3648 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
F:\FirefoxPortable\FirefoxPortable.exe
C:\Windows\system32\taskmgr.exe
F:\FirefoxPortable\App\firefox\firefox.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\SysWOW64\ACEngSvr.exe
F:\FirefoxPortable\App\firefox\plugin-container.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\SymcPCCULaunchSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
uURLSearchHooks: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll
dURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Complitly: {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - LocalServer32 - <no file>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Turbo Gear Help] "C:\Program Files\ASUS\Turbo Gear\GearHelp.exe"
mRun: [Turbo Gear] "C:\Program Files\ASUS\Turbo Gear\TurboGear.exe" -r
mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun: [VMonitorVMUVC] "C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
Trusted Zone: cinemanow.com
Trusted Zone: cinemanow.com
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 132.238.2.17 132.238.130.12
TCP: Interfaces\{3E5EAAC2-543A-4141-8208-14003C681EAD} : DHCPNameServer = 132.238.2.17 132.238.130.12
TCP: Interfaces\{3F5A0E7E-EE74-4B2E-90FC-E8F2DC35B869} : DHCPNameServer = 132.238.2.17 132.238.130.12
TCP: Interfaces\{3F5A0E7E-EE74-4B2E-90FC-E8F2DC35B869}\C696E6B6379737 : DHCPNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{3F5A0E7E-EE74-4B2E-90FC-E8F2DC35B869}\E4544574541425 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\eo9rymt3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 1
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: C:\Program Files (x86)\Vuze Remote Toolbar\FF\components\vuzeFF.dll
FF - ExtSQL: !HIDDEN! 2011-11-29 23:55; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-23 55856]
R1 EIO64;EIO Driver;C:\Windows\System32\drivers\EIO64.sys [2009-11-6 16384]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2009-11-6 359552]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-2-23 805752]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-11-6 14904]
R2 EraserSvc11220;Symantec Eraser Service;C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2010-9-7 108392]
R2 NACAgent;Cisco NAC Agent;C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2012-12-3 1270744]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\SymcPCCULaunchSvc.exe [2011-12-4 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe [2011-12-4 126392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-3-24 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-3-24 168384]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-9-7 1832072]
R2 WBVGAservice;WB VGA Service;C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-11-6 72248]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-3-20 138912]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-6 215040]
R3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-3-31 126464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-24 398184]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-24 682344]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-3-24 1103392]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-6 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-6 79360]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-1-29 1038088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-26 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 JLTECH0227;Dual Mode Camera;C:\Windows\System32\drivers\jl2005c.sys [2010-8-16 79920]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-3-21 24176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2011-3-23 30720]
S3 tmpreflt;tmpreflt;C:\Windows\System32\drivers\tmpreflt.sys [2009-8-22 42000]
S3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-11-6 917768]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-24 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 VMUVC;Vimicro Camera Service VMUVC;C:\Windows\System32\drivers\vmuvc.sys [2011-8-26 198400]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;C:\Windows\System32\drivers\vvftUVC.sys [2011-8-26 303616]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-27 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-03-24 07:19:02    --------    d-----w-    C:\Users\Matthew\AppData\Roaming\SUPERAntiSpyware.com
2013-03-24 07:18:56    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-03-24 07:18:55    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-03-24 07:16:54    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2013-03-24 07:16:46    17272    ----a-w-    C:\Windows\System32\sdnclean64.exe
2013-03-24 07:16:41    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-03-24 07:13:17    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-03-24 06:48:46    98816    ----a-w-    C:\Windows\sed.exe
2013-03-24 06:48:46    256000    ----a-w-    C:\Windows\PEV.exe
2013-03-24 06:48:46    208896    ----a-w-    C:\Windows\MBR.exe
2013-03-24 06:46:42    --------    d-----w-    C:\Users\Matthew\AppData\Local\Programs
2013-03-24 06:36:26    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-03-24 03:14:15    --------    d-----w-    C:\Users\Matthew\AppData\Roaming\Auslogics
2013-03-24 03:11:06    --------    d-----w-    C:\Program Files (x86)\Auslogics
2013-03-20 21:53:29    --------    d-----w-    C:\Program Files\CPUID
2013-03-19 17:21:27    --------    d-----w-    C:\Users\Matthew\AppData\Local\{193778E7-F6F9-4355-8EA5-F3D51942EB5D}
2013-03-18 04:24:41    --------    d-----w-    C:\Users\Matthew\AppData\Local\{8564BCED-B996-454C-AA95-E3315D128A75}
2013-03-18 03:48:33    --------    d-----w-    C:\Users\Matthew\AppData\Local\{069A9C43-3A9A-478F-86BD-1FC9074B6419}
2013-03-15 00:43:54    --------    d-----w-    C:\Users\Matthew\AppData\Local\{4F8D1865-C666-42C5-A8A2-E9B517EFFECC}
2013-03-10 23:24:27    --------    d-----w-    C:\Users\Matthew\AppData\Local\{1B55AF30-F8E3-42FE-B303-87927C295CD0}
2013-03-07 05:23:28    --------    d-----w-    C:\Program Files (x86)\Vuze Remote Toolbar
2013-03-07 05:23:28    --------    d-----w-    C:\Program Files (x86)\Application Updater
2013-02-28 08:01:05    2776576    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2013-02-28 08:01:05    2284544    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2013-02-28 08:01:05    221184    ----a-w-    C:\Windows\System32\UIAnimation.dll
2013-02-28 08:01:05    187392    ----a-w-    C:\Windows\SysWow64\UIAnimation.dll
.
==================== Find3M  ====================
.
2013-03-18 03:56:21    82816    ----a-w-    C:\Users\Matthew\AppData\Roaming\pcouffin.sys
2013-03-02 05:42:14    45056    ----a-w-    C:\Windows\System32\acovcnt.exe
2013-02-13 19:01:06    71024    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 19:01:06    691568    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-12 05:45:24    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31    474112    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-02-02 06:57:02    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-02-02 06:42:18    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-01-13 21:17:03    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02    2560    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42    10752    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08    5632    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07    5632    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31    2560    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18    10752    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07    3584    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48    4096    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41    5632    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40    5632    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40    3072    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40    3072    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22    1988096    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31    293376    ----a-w-    C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00    249856    ----a-w-    C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43    220160    ----a-w-    C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35    1504768    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28    1175552    ----a-w-    C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01    604160    ----a-w-    C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58    207872    ----a-w-    C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:51:30    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17    363008    ----a-w-    C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47    161792    ----a-w-    C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25    1080832    ----a-w-    C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39    333312    ----a-w-    C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21    296960    ----a-w-    C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04    245248    ----a-w-    C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33    648192    ----a-w-    C:\Windows\System32\d3d10level9.dll
2013-01-13 19:20:42    194560    ----a-w-    C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04    1238528    ----a-w-    C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58    364544    ----a-w-    C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52    522752    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42    1158144    ----a-w-    C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09    1682432    ----a-w-    C:\Windows\System32\XpsPrint.dll
2013-01-05 05:53:43    5553512    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15    3967848    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11    3913064    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46:09    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-01-04 02:47:35    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54    1913192    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42    288088    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2011-01-10 05:16:35    255497    ----a-w-    C:\Program Files (x86)\RMPly00.exe
2006-05-03 16:06:54    163328    --sh--r-    C:\Windows\SysWOW64\flvDX.dll
2007-02-21 17:47:16    31232    --sh--r-    C:\Windows\SysWOW64\msfDX.dll
2008-03-16 19:30:52    216064    --sh--r-    C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH:  4:08:06.25 ===============
 



Edited by rebelnyell, 24 March 2013 - 10:57 AM.




#2 Clairvoyant

  • Malware Response Team

Posted 24 March 2013 - 02:00 PM

Hi rebelnyell,

and welcome to Bleeping Computer.

I will be helping with your computer problems.


Before starting please note the following:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know
  • Do not make any changes on your own to the computer (installing/uninstalling programs, deleting files, modifying the registry, running scanners or other tools, etc.) without instructions to do it
  • Please read every post completely and perform all steps in the specified order. If you can't understand something or you encounter problems please stop and let me know
  • Do not attach logs, use code or quote boxes. Just copy and paste the text unless directed otherwise
  • Even if things appear to be better, it does not mean we have finished. Follow my instructions and reply back until I tell you that your computer is clean.
  • Please reply using the Add Reply button in the lower right hand corner of your screen
  • Please track this topic by clicking on the Follow this Topic button on the top right on this thread => select Receive Notification => Instantly => click on the black Follow this Topic button

I'm analyzing your logs; I will get back to you as soon as possible.

Regards

 



#3 rebelnyell


Posted 24 March 2013 - 09:35 PM

Thanks man. Ready when you are.

Oh, also another thing that may be worth mentioning is that when using Firefox Portable (off a second hard drive) everything works fine and stuff, but when opening more than one tab everything seems to hang up and slow down; also any type of media like YouTube videos and GIFs are very glitchy/stop-and-go when playing. I'm not sure if this is related but I guess it's worth mentioning anyway. I know there are more up-to-date drivers for my video card but I'm not going to mess with that to see if that helps until the initial problem is sorted out.


Edited by rebelnyell, 24 March 2013 - 10:31 PM.


#4 Clairvoyant


Posted 26 March 2013 - 06:36 PM

Hello rebelnyell :)

 

Before starting to clean your computer I would like to see your logs from ComboFix and TDSSKiller.

Please copy and paste into your next reply the contents of C:\ComboFix.txt and C:\TDSSKiller_version_date_time_log.txt files.

 

Then please answer the questions below:

  1. Did you already try to boot the machine in Safe Mode? In this way, do you still have instability troubles?
  2. Can you backup your critical data?
  3. Do you have the Windows DVD?

 

Regards



#5 rebelnyell


Posted 26 March 2013 - 09:32 PM

ComboFix.txt
ComboFix 13-03-23.01 - Matthew 03/24/2013 2:51.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.3797 [GMT -4:00]
Running from: c:\users\Matthew\Desktop\Virus\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Windows\DRM\620C.tmp
c:\programdata\Microsoft\Windows\DRM\624C.tmp
c:\users\Matthew\AppData\Local\assembly\tmp
c:\users\Matthew\AppData\Roaming\.#
c:\users\Matthew\AppData\Roaming\72987.exe
c:\users\Matthew\AppData\Roaming\data.dat
c:\users\Matthew\AppData\Roaming\inst.exe
c:\users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\eo9rymt3.default\searchplugins\bing-zugo.xml
c:\users\Matthew\AppData\Roaming\vso_ts_preview.xml
c:\users\Matthew\AppData\Roaming\WinDefender.exe
c:\users\Matthew\Documents\~WRL1216.tmp
c:\users\Matthew\g2mdlhlpx.exe
c:\windows\msvcr71.dll
c:\windows\svchost.exe
c:\windows\SysWow64\mspaint_backup.exe.exe
c:\windows\WINPROD.DLL
.
.
((((((((((((((((((((((((( Files Created from 2013-02-24 to 2013-03-24 )))))))))))))))))))))))))))))))
.
.
2013-03-24 07:07 . 2013-03-24 07:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-24 07:07 . 2013-03-24 07:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-24 07:07 . 2013-03-24 07:07 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-03-24 06:46 . 2013-03-24 06:46 -------- d-----w- c:\users\Matthew\AppData\Local\Programs
2013-03-24 06:36 . 2013-03-24 06:36 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-24 03:14 . 2013-03-24 03:16 -------- d-----w- c:\users\Matthew\AppData\Roaming\Auslogics
2013-03-24 03:11 . 2013-03-24 03:11 -------- d-----w- c:\program files (x86)\Auslogics
2013-03-20 21:53 . 2013-03-20 21:53 -------- d-----w- c:\program files\CPUID
2013-03-19 23:54 . 2013-03-19 23:54 -------- d-----w- c:\windows\Sun
2013-03-07 05:23 . 2013-03-07 05:23 -------- d-----w- c:\program files (x86)\Vuze Remote Toolbar
2013-03-07 05:23 . 2013-03-07 05:23 -------- d-----w- c:\program files (x86)\Application Updater
2013-02-28 08:01 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-02-28 08:01 . 2013-01-13 19:24 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-02-28 08:01 . 2013-01-04 06:11 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-02-28 08:01 . 2013-01-04 06:11 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-18 04:12 . 2009-11-29 18:37 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-18 03:56 . 2009-12-25 07:39 82816 ----a-w- c:\users\Matthew\AppData\Roaming\pcouffin.sys
2013-03-02 05:42 . 2010-07-14 23:16 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-02-14 22:30 . 2013-02-14 22:30 40960 ----a-r- c:\users\Matthew\AppData\Roaming\Microsoft\Installer\{88AD76C5-D208-4A11-A1B3-ACCCA67A6F26}\Updater.exe_FEF40581F5694A49B7DA66738F7AC16B.exe
2013-02-14 22:30 . 2013-02-14 22:30 40960 ----a-r- c:\users\Matthew\AppData\Roaming\Microsoft\Installer\{88AD76C5-D208-4A11-A1B3-ACCCA67A6F26}\NewShortcut1_D434C24F80B2461C8F554E74F9F19D87.exe
2013-02-13 19:01 . 2012-03-30 05:33 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-13 19:01 . 2011-05-18 02:54 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 05:45 . 2013-03-18 03:55 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-18 03:55 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-18 03:55 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-18 03:55 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-18 03:55 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-18 03:55 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-05 05:53 . 2013-02-13 05:49 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 05:49 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 05:49 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 05:48 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 05:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 05:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 05:48 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 05:48 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 05:48 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 05:48 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 05:48 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 05:48 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 05:48 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2011-01-10 05:16 . 2011-01-10 05:16 255497 ----a-w- c:\program files (x86)\RMPly00.exe
2006-05-03 16:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 17:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 19:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{05478A66-EDB6-4A22-A870-A5987F80A7DA}"= "c:\program files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll" [2013-02-24 1352512]
.
[HKEY_CLASSES_ROOT\clsid\{05478a66-edb6-4a22-a870-a5987f80a7da}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
2013-02-24 00:17 1352512 ----a-w- c:\program files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{05478A66-EDB6-4A22-A870-A5987F80A7DA}"= "c:\program files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll" [2013-02-24 1352512]
.
[HKEY_CLASSES_ROOT\clsid\{05478a66-edb6-4a22-a870-a5987f80a7da}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-30 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Turbo Gear Help"="c:\program files\ASUS\Turbo Gear\GearHelp.exe" [2009-08-06 1026048]
"Turbo Gear"="c:\program files\ASUS\Turbo Gear\TurboGear.exe" [2009-08-06 2987520]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"VMonitorVMUVC"="c:\program files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-09-07 115560]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2012-12-03 610776]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-06 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-06 79360]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-03-14 138912]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-29 1038088]
R3 JLTECH0227;Dual Mode Camera;c:\windows\system32\Drivers\jl2005c.sys [2007-11-17 79920]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2009-12-25 82816]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-03-23 30720]
R3 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-08-22 42000]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-08-22 917768]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-03-11 198400]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 303616]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-13 834544]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2009-07-22 16384]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-15 359552]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2013-02-23 805752]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2012-12-03 1270744]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.57\SymcPCCULaunchSvc.exe [2011-06-06 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe [2011-06-06 126392]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-07 72248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-03-31 126464]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 05438175
*NewlyCreated* - 14028163
*Deregistered* - 05438175
*Deregistered* - 14028163
*Deregistered* - EraserUtilDrv11220
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 03:10]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 03:10]
.
2013-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-751580679-1929281232-248088088-1001Core.job
- c:\users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03 19:36]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-751580679-1929281232-248088088-1001UA.job
- c:\users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03 19:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-08-22 1022368]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 120328]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: cinemanow.com
TCP: DhcpNameServer = 132.238.2.17 132.238.130.12
FF - ProfilePath - c:\users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\eo9rymt3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 1
FF - ExtSQL: !HIDDEN! 2011-11-29 23:55; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-05438175.sys
SafeBoot-Symantec Antvirus
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-ASUS_ScreenSaver_GSeries - c:\windows\system32\ASUS_ScreenSaver_GSeries.scr
AddRemove-dBpowerAMP Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.57\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:2e,dd,3f,55,35,59,cc,01
.
[HKEY_USERS\S-1-5-21-751580679-1929281232-248088088-1001\ *¬ !*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-751580679-1929281232-248088088-1001\p*¬ .*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-751580679-1929281232-248088088-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F41D5081-1599-656A-A457-0D8784641B31}*]
@Allowed: (Read) (RestrictedCode)
"iaeghejhmhejgcajmh"=hex:69,61,67,62,6e,65,6c,67,67,6b,6d,64,6d,69,6e,6e,63,6b,
00,00
"hakhncejdibjmjpb"=hex:69,61,67,62,6e,65,6c,67,67,6b,6d,64,6d,69,6e,6e,63,6b,
00,00
.
[HKEY_USERS\S-1-5-21-751580679-1929281232-248088088-1001\À*9 !*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-751580679-1929281232-248088088-1001\¬ */*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\05\0c\15\1e\15d"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-24 03:12:05
ComboFix-quarantined-files.txt 2013-03-24 07:12
.
Pre-Run: 88,395,976,704 bytes free
Post-Run: 88,088,162,304 bytes free
.
- - End Of File - - A704FCA65C10F86332ABFC41C7F0E810


TDSSKiller.2.8.16.0_24.03.2013_02.13.28_log.txt
02:13:28.0216 4488 TDSS rootkit removing tool 2.8.16.0 Mar 21 2013 15:53:02
02:13:30.0228 4488 ============================================================
02:13:30.0228 4488 Current date / time: 2013/03/24 02:13:30.0228
02:13:30.0228 4488 SystemInfo:
02:13:30.0228 4488
02:13:30.0228 4488 OS Version: 6.1.7601 ServicePack: 1.0
02:13:30.0228 4488 Product type: Workstation
02:13:30.0228 4488 ComputerName: MATTHEW-PC
02:13:30.0228 4488 UserName: Matthew
02:13:30.0228 4488 Windows directory: C:\Windows
02:13:30.0228 4488 System windows directory: C:\Windows
02:13:30.0228 4488 Running under WOW64
02:13:30.0228 4488 Processor architecture: Intel x64
02:13:30.0228 4488 Number of processors: 4
02:13:30.0228 4488 Page size: 0x1000
02:13:30.0228 4488 Boot type: Normal boot
02:13:30.0228 4488 ============================================================
02:13:31.0317 4488 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:13:31.0340 4488 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:13:31.0353 4488 ============================================================
02:13:31.0353 4488 \Device\Harddisk0\DR0:
02:13:31.0353 4488 MBR partitions:
02:13:31.0353 4488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4B800, BlocksNum 0x236E2800
02:13:31.0353 4488 \Device\Harddisk1\DR1:
02:13:31.0354 4488 MBR partitions:
02:13:31.0354 4488 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A16800
02:13:31.0354 4488 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x12A17000, BlocksNum 0x12A166C1
02:13:31.0354 4488 ============================================================
02:13:31.0391 4488 C: <-> \Device\Harddisk0\DR0\Partition1
02:13:31.0424 4488 D: <-> \Device\Harddisk1\DR1\Partition1
02:13:31.0470 4488 F: <-> \Device\Harddisk1\DR1\Partition2
02:13:31.0470 4488 ============================================================
02:13:31.0470 4488 Initialize success
02:13:31.0471 4488 ============================================================
02:13:40.0310 8048 ============================================================
02:13:40.0310 8048 Scan started
02:13:40.0310 8048 Mode: Manual;
02:13:40.0310 8048 ============================================================
02:13:48.0223 8048 ================ Scan system memory ========================
02:13:48.0223 8048 System memory - ok
02:13:48.0223 8048 ================ Scan services =============================
02:13:48.0713 8048 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
02:13:48.0715 8048 1394ohci - ok
02:13:48.0810 8048 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
02:13:48.0814 8048 ACPI - ok
02:13:48.0894 8048 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
02:13:48.0895 8048 AcpiPmi - ok
02:13:48.0926 8048 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
02:13:48.0928 8048 adfs - ok
02:13:49.0081 8048 [ 57A3B9A69F14414ACE12AFD6BA701773 ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
02:13:49.0095 8048 Adobe Version Cue CS4 - ok
02:13:49.0138 8048 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
02:13:49.0145 8048 adp94xx - ok
02:13:49.0162 8048 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
02:13:49.0166 8048 adpahci - ok
02:13:49.0174 8048 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
02:13:49.0176 8048 adpu320 - ok
02:13:49.0289 8048 [ C0BF554D2277F7A4C735D475ADE2E3B2 ] ADSMService C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
02:13:49.0294 8048 ADSMService - ok
02:13:49.0315 8048 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
02:13:49.0317 8048 AeLookupSvc - ok
02:13:49.0407 8048 [ 114C042FF784B4C5670290A661799357 ] AFBAgent C:\Windows\system32\FBAgent.exe
02:13:49.0452 8048 AFBAgent - ok
02:13:49.0544 8048 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
02:13:49.0548 8048 AFD - ok
02:13:49.0574 8048 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
02:13:49.0576 8048 agp440 - ok
02:13:49.0596 8048 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
02:13:49.0597 8048 ALG - ok
02:13:49.0664 8048 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
02:13:49.0665 8048 aliide - ok
02:13:49.0694 8048 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
02:13:49.0695 8048 amdide - ok
02:13:49.0733 8048 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
02:13:49.0734 8048 AmdK8 - ok
02:13:49.0754 8048 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
02:13:49.0756 8048 AmdPPM - ok
02:13:49.0787 8048 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
02:13:49.0788 8048 amdsata - ok
02:13:49.0842 8048 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
02:13:49.0844 8048 amdsbs - ok
02:13:49.0861 8048 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
02:13:49.0861 8048 amdxata - ok
02:13:49.0886 8048 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
02:13:49.0887 8048 AppID - ok
02:13:49.0901 8048 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
02:13:49.0902 8048 AppIDSvc - ok
02:13:49.0930 8048 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
02:13:49.0936 8048 Appinfo - ok
02:13:50.0054 8048 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:13:50.0097 8048 Apple Mobile Device - ok
02:13:50.0212 8048 [ 5234837DFEC4092E235594B25CF02865 ] Application Updater C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
02:13:50.0238 8048 Application Updater - ok
02:13:50.0319 8048 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
02:13:50.0321 8048 arc - ok
02:13:50.0354 8048 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
02:13:50.0355 8048 arcsas - ok
02:13:50.0412 8048 [ 88FBC8BEBFD38566235EAA5E4DBC4E05 ] AsDsm C:\Windows\system32\drivers\AsDsm.sys
02:13:50.0413 8048 AsDsm - ok
02:13:50.0570 8048 ASInsHelp - ok
02:13:50.0646 8048 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
02:13:50.0648 8048 ASLDRService - ok
02:13:50.0750 8048 [ 2DB34EDD17D3A8DA7105A19C95A3DD68 ] ASMMAP64 C:\Program Files\ATKGFNEX\ASMMAP64.sys
02:13:50.0751 8048 ASMMAP64 - ok
02:13:50.0850 8048 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
02:13:50.0875 8048 aspnet_state - ok
02:13:50.0934 8048 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
02:13:50.0935 8048 AsyncMac - ok
02:13:51.0016 8048 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
02:13:51.0016 8048 atapi - ok
02:13:51.0069 8048 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
02:13:51.0102 8048 athr - ok
02:13:51.0121 8048 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
02:13:51.0124 8048 ATKGFNEXSrv - ok
02:13:51.0201 8048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
02:13:51.0210 8048 AudioEndpointBuilder - ok
02:13:51.0251 8048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
02:13:51.0257 8048 AudioSrv - ok
02:13:51.0327 8048 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
02:13:51.0331 8048 AxInstSV - ok
02:13:51.0429 8048 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
02:13:51.0436 8048 b06bdrv - ok
02:13:51.0465 8048 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
02:13:51.0468 8048 b57nd60a - ok
02:13:51.0571 8048 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
02:13:51.0621 8048 BcmSqlStartupSvc - ok
02:13:51.0650 8048 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
02:13:51.0652 8048 BDESVC - ok
02:13:51.0665 8048 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
02:13:51.0665 8048 Beep - ok
02:13:51.0752 8048 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
02:13:51.0773 8048 BFE - ok
02:13:51.0803 8048 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
02:13:51.0895 8048 BITS - ok
02:13:51.0959 8048 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
02:13:51.0960 8048 blbdrive - ok
02:13:52.0094 8048 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
02:13:52.0110 8048 Bonjour Service - ok
02:13:52.0183 8048 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
02:13:52.0185 8048 bowser - ok
02:13:52.0252 8048 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:13:52.0252 8048 BrFiltLo - ok
02:13:52.0271 8048 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:13:52.0272 8048 BrFiltUp - ok
02:13:52.0295 8048 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
02:13:52.0297 8048 Browser - ok
02:13:52.0318 8048 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
02:13:52.0323 8048 Brserid - ok
02:13:52.0336 8048 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
02:13:52.0338 8048 BrSerWdm - ok
02:13:52.0354 8048 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
02:13:52.0355 8048 BrUsbMdm - ok
02:13:52.0369 8048 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
02:13:52.0370 8048 BrUsbSer - ok
02:13:52.0385 8048 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
02:13:52.0386 8048 BTHMODEM - ok
02:13:52.0420 8048 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
02:13:52.0421 8048 bthserv - ok
02:13:52.0509 8048 [ 5E68928BA2412E60FF1C61441313CF8D ] ccEvtMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
02:13:52.0526 8048 ccEvtMgr - ok
02:13:52.0531 8048 [ 5E68928BA2412E60FF1C61441313CF8D ] ccSetMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
02:13:52.0533 8048 ccSetMgr - ok
02:13:52.0555 8048 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
02:13:52.0556 8048 cdfs - ok
02:13:52.0622 8048 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
02:13:52.0626 8048 cdrom - ok
02:13:52.0706 8048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
02:13:52.0709 8048 CertPropSvc - ok
02:13:52.0802 8048 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
02:13:52.0803 8048 circlass - ok
02:13:52.0823 8048 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
02:13:52.0831 8048 CLFS - ok
02:13:52.0940 8048 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:13:53.0090 8048 clr_optimization_v2.0.50727_32 - ok
02:13:53.0213 8048 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:13:53.0215 8048 clr_optimization_v2.0.50727_64 - ok
02:13:53.0381 8048 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:13:53.0435 8048 clr_optimization_v4.0.30319_32 - ok
02:13:53.0452 8048 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:13:53.0492 8048 clr_optimization_v4.0.30319_64 - ok
02:13:53.0561 8048 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
02:13:53.0562 8048 CmBatt - ok
02:13:53.0586 8048 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
02:13:53.0586 8048 cmdide - ok
02:13:53.0622 8048 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
02:13:53.0631 8048 CNG - ok
02:13:53.0666 8048 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
02:13:53.0667 8048 Compbatt - ok
02:13:53.0714 8048 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
02:13:53.0715 8048 CompositeBus - ok
02:13:53.0742 8048 COMSysApp - ok
02:13:53.0786 8048 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
02:13:53.0787 8048 crcdisk - ok
02:13:53.0855 8048 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
02:13:53.0856 8048 Creative ALchemy AL6 Licensing Service - ok
02:13:53.0926 8048 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
02:13:53.0927 8048 Creative Audio Engine Licensing Service - ok
02:13:54.0009 8048 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
02:13:54.0012 8048 CryptSvc - ok
02:13:54.0068 8048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
02:13:54.0111 8048 DcomLaunch - ok
02:13:54.0141 8048 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
02:13:54.0145 8048 defragsvc - ok
02:13:54.0175 8048 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
02:13:54.0176 8048 DfsC - ok
02:13:54.0236 8048 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
02:13:54.0239 8048 Dhcp - ok
02:13:54.0263 8048 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
02:13:54.0264 8048 discache - ok
02:13:54.0340 8048 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
02:13:54.0347 8048 Disk - ok
02:13:54.0386 8048 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
02:13:54.0389 8048 Dnscache - ok
02:13:54.0490 8048 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
02:13:54.0497 8048 dot3svc - ok
02:13:54.0568 8048 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
02:13:54.0570 8048 Dot4 - ok
02:13:54.0636 8048 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
02:13:54.0637 8048 Dot4Print - ok
02:13:54.0651 8048 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
02:13:54.0651 8048 dot4usb - ok
02:13:54.0667 8048 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
02:13:54.0673 8048 DPS - ok
02:13:54.0741 8048 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
02:13:54.0742 8048 drmkaud - ok
02:13:54.0787 8048 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
02:13:54.0812 8048 DXGKrnl - ok
02:13:54.0893 8048 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
02:13:54.0897 8048 EapHost - ok
02:13:54.0981 8048 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
02:13:55.0075 8048 ebdrv - ok
02:13:55.0154 8048 eeCtrl - ok
02:13:55.0178 8048 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
02:13:55.0185 8048 EFS - ok
02:13:55.0240 8048 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
02:13:55.0261 8048 ehRecvr - ok
02:13:55.0283 8048 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
02:13:55.0285 8048 ehSched - ok
02:13:55.0298 8048 [ 343ADA10D948DB29251F2D9C809AF204 ] EIO64 C:\Windows\system32\DRIVERS\EIO64.sys
02:13:55.0299 8048 EIO64 - ok
02:13:55.0365 8048 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
02:13:55.0372 8048 elxstor - ok
02:13:55.0483 8048 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
02:13:55.0485 8048 EraserUtilRebootDrv - ok
02:13:55.0497 8048 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
02:13:55.0498 8048 ErrDev - ok
02:13:55.0578 8048 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
02:13:55.0586 8048 EventSystem - ok
02:13:55.0610 8048 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
02:13:55.0613 8048 exfat - ok
02:13:55.0682 8048 [ F7A7DA530618C3700A449FE7971DB924 ] ezplay C:\Windows\system32\Drivers\ezplay.sys
02:13:55.0684 8048 ezplay - ok
02:13:55.0702 8048 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
02:13:55.0704 8048 fastfat - ok
02:13:55.0774 8048 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
02:13:55.0794 8048 Fax - ok
02:13:55.0856 8048 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
02:13:55.0857 8048 fdc - ok
02:13:55.0872 8048 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
02:13:55.0875 8048 fdPHost - ok
02:13:55.0891 8048 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
02:13:55.0895 8048 FDResPub - ok
02:13:55.0912 8048 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
02:13:55.0915 8048 FileInfo - ok
02:13:55.0932 8048 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
02:13:55.0933 8048 Filetrace - ok
02:13:56.0025 8048 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
02:13:56.0054 8048 FLEXnet Licensing Service - ok
02:13:56.0188 8048 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
02:13:56.0223 8048 FLEXnet Licensing Service 64 - ok
02:13:56.0279 8048 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
02:13:56.0280 8048 flpydisk - ok
02:13:56.0425 8048 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
02:13:56.0442 8048 FltMgr - ok
02:13:56.0542 8048 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
02:13:56.0576 8048 FontCache - ok
02:13:56.0613 8048 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:13:56.0614 8048 FontCache3.0.0.0 - ok
02:13:56.0634 8048 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
02:13:56.0636 8048 FsDepends - ok
02:13:56.0723 8048 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
02:13:56.0724 8048 fssfltr - ok
02:13:56.0864 8048 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
02:13:56.0895 8048 fsssvc - ok
02:13:56.0919 8048 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
02:13:56.0920 8048 Fs_Rec - ok
02:13:56.0990 8048 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
02:13:56.0995 8048 fvevol - ok
02:13:57.0050 8048 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
02:13:57.0051 8048 gagp30kx - ok
02:13:57.0115 8048 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:13:57.0116 8048 GEARAspiWDM - ok
02:13:57.0175 8048 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
02:13:57.0214 8048 gpsvc - ok
02:13:57.0323 8048 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:13:57.0328 8048 gupdate - ok
02:13:57.0457 8048 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:13:57.0458 8048 gupdatem - ok
02:13:57.0535 8048 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
02:13:57.0536 8048 hamachi - ok
02:13:57.0565 8048 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
02:13:57.0565 8048 hcw85cir - ok
02:13:57.0640 8048 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
02:13:57.0643 8048 HdAudAddService - ok
02:13:57.0692 8048 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
02:13:57.0693 8048 HDAudBus - ok
02:13:57.0719 8048 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
02:13:57.0720 8048 HidBatt - ok
02:13:57.0739 8048 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
02:13:57.0740 8048 HidBth - ok
02:13:57.0754 8048 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
02:13:57.0755 8048 HidIr - ok
02:13:57.0797 8048 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
02:13:57.0800 8048 hidserv - ok
02:13:57.0860 8048 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
02:13:57.0861 8048 HidUsb - ok
02:13:57.0891 8048 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
02:13:57.0895 8048 hkmsvc - ok
02:13:57.0931 8048 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
02:13:57.0939 8048 HomeGroupListener - ok
02:13:57.0978 8048 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
02:13:57.0991 8048 HomeGroupProvider - ok
02:13:58.0131 8048 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
02:13:58.0136 8048 hpqcxs08 - ok
02:13:58.0211 8048 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
02:13:58.0215 8048 hpqddsvc - ok
02:13:58.0291 8048 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
02:13:58.0292 8048 HpSAMD - ok
02:13:58.0494 8048 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
02:13:58.0538 8048 HPSLPSVC - ok
02:13:58.0630 8048 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
02:13:58.0651 8048 HTTP - ok
02:13:58.0672 8048 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
02:13:58.0674 8048 hwpolicy - ok
02:13:58.0692 8048 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
02:13:58.0694 8048 i8042prt - ok
02:13:58.0760 8048 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
02:13:58.0764 8048 iaStor - ok
02:13:58.0835 8048 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
02:13:58.0841 8048 iaStorV - ok
02:13:58.0944 8048 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
02:13:58.0945 8048 IDriverT - ok
02:13:59.0004 8048 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:13:59.0026 8048 idsvc - ok
02:13:59.0049 8048 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
02:13:59.0051 8048 iirsp - ok
02:13:59.0087 8048 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
02:13:59.0112 8048 IKEEXT - ok
02:13:59.0254 8048 [ 397AF4C77E4AC1B262E4EBAC2958188C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
02:13:59.0323 8048 IntcAzAudAddService - ok
02:13:59.0346 8048 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
02:13:59.0348 8048 intelide - ok
02:13:59.0414 8048 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
02:13:59.0416 8048 intelppm - ok
02:13:59.0444 8048 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
02:13:59.0449 8048 IPBusEnum - ok
02:13:59.0484 8048 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:13:59.0486 8048 IpFilterDriver - ok
02:13:59.0537 8048 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
02:13:59.0555 8048 iphlpsvc - ok
02:13:59.0581 8048 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
02:13:59.0582 8048 IPMIDRV - ok
02:13:59.0597 8048 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
02:13:59.0599 8048 IPNAT - ok
02:13:59.0689 8048 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
02:13:59.0722 8048 iPod Service - ok
02:13:59.0776 8048 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
02:13:59.0777 8048 IRENUM - ok
02:13:59.0795 8048 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
02:13:59.0796 8048 isapnp - ok
02:13:59.0821 8048 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
02:13:59.0826 8048 iScsiPrt - ok
02:13:59.0889 8048 [ 917A1517AB4E8FB9554919FDEC96A8F5 ] JLTECH0227 C:\Windows\system32\Drivers\jl2005c.sys
02:13:59.0891 8048 JLTECH0227 - ok
02:13:59.0912 8048 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
02:13:59.0913 8048 kbdclass - ok
02:13:59.0989 8048 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
02:13:59.0990 8048 kbdhid - ok
02:14:00.0180 8048 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
02:14:00.0181 8048 kbfiltr - ok
02:14:00.0195 8048 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
02:14:00.0198 8048 KeyIso - ok
02:14:00.0235 8048 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
02:14:00.0236 8048 KSecDD - ok
02:14:00.0262 8048 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
02:14:00.0263 8048 KSecPkg - ok
02:14:00.0288 8048 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
02:14:00.0289 8048 ksthunk - ok
02:14:00.0353 8048 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
02:14:00.0361 8048 KtmRm - ok
02:14:00.0440 8048 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
02:14:00.0485 8048 LanmanServer - ok
02:14:00.0545 8048 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
02:14:00.0573 8048 LanmanWorkstation - ok
02:14:00.0737 8048 [ 6105B28F5D03C4AFFA7197B228768849 ] LiveUpdate C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
02:14:00.0824 8048 LiveUpdate - ok
02:14:00.0902 8048 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
02:14:00.0903 8048 lltdio - ok
02:14:00.0928 8048 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
02:14:00.0935 8048 lltdsvc - ok
02:14:00.0948 8048 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
02:14:00.0951 8048 lmhosts - ok
02:14:01.0017 8048 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
02:14:01.0019 8048 LSI_FC - ok
02:14:01.0064 8048 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
02:14:01.0065 8048 LSI_SAS - ok
02:14:01.0078 8048 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:14:01.0079 8048 LSI_SAS2 - ok
02:14:01.0107 8048 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:14:01.0109 8048 LSI_SCSI - ok
02:14:01.0171 8048 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
02:14:01.0177 8048 luafv - ok
02:14:01.0353 8048 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
02:14:01.0367 8048 McComponentHostService - ok
02:14:01.0428 8048 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
02:14:01.0432 8048 mcdbus - ok
02:14:01.0458 8048 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
02:14:01.0462 8048 Mcx2Svc - ok
02:14:01.0476 8048 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
02:14:01.0477 8048 megasas - ok
02:14:01.0502 8048 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
02:14:01.0505 8048 MegaSR - ok
02:14:01.0530 8048 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
02:14:01.0535 8048 MMCSS - ok
02:14:01.0549 8048 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
02:14:01.0550 8048 Modem - ok
02:14:01.0609 8048 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
02:14:01.0610 8048 monitor - ok
02:14:01.0676 8048 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
02:14:01.0677 8048 mouclass - ok
02:14:01.0686 8048 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
02:14:01.0687 8048 mouhid - ok
02:14:01.0740 8048 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
02:14:01.0741 8048 mountmgr - ok
02:14:01.0761 8048 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
02:14:01.0763 8048 mpio - ok
02:14:01.0814 8048 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
02:14:01.0815 8048 mpsdrv - ok
02:14:01.0872 8048 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
02:14:01.0897 8048 MpsSvc - ok
02:14:01.0926 8048 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
02:14:01.0928 8048 MRxDAV - ok
02:14:01.0954 8048 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
02:14:01.0956 8048 mrxsmb - ok
02:14:02.0008 8048 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:14:02.0012 8048 mrxsmb10 - ok
02:14:02.0026 8048 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:14:02.0027 8048 mrxsmb20 - ok
02:14:02.0056 8048 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
02:14:02.0057 8048 msahci - ok
02:14:02.0081 8048 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
02:14:02.0083 8048 msdsm - ok
02:14:02.0102 8048 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
02:14:02.0107 8048 MSDTC - ok
02:14:02.0200 8048 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
02:14:02.0201 8048 Msfs - ok
02:14:02.0215 8048 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
02:14:02.0215 8048 mshidkmdf - ok
02:14:02.0237 8048 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
02:14:02.0238 8048 msisadrv - ok
02:14:02.0318 8048 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
02:14:02.0321 8048 MSiSCSI - ok
02:14:02.0326 8048 msiserver - ok
02:14:02.0404 8048 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
02:14:02.0405 8048 MSKSSRV - ok
02:14:02.0411 8048 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
02:14:02.0412 8048 MSPCLOCK - ok
02:14:02.0419 8048 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
02:14:02.0420 8048 MSPQM - ok
02:14:02.0455 8048 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
02:14:02.0460 8048 MsRPC - ok
02:14:02.0480 8048 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
02:14:02.0481 8048 mssmbios - ok
02:14:02.0581 8048 MSSQL$MSSMLBIZ - ok
02:14:02.0661 8048 MSSQL$SQLEXPRESS - ok
02:14:02.0700 8048 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
02:14:02.0701 8048 MSSQLServerADHelper - ok
02:14:02.0752 8048 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
02:14:02.0753 8048 MSSQLServerADHelper100 - ok
02:14:02.0829 8048 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
02:14:02.0829 8048 MSTEE - ok
02:14:02.0840 8048 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
02:14:02.0841 8048 MTConfig - ok
02:14:02.0901 8048 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
02:14:02.0901 8048 MTsensor - ok
02:14:02.0954 8048 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
02:14:02.0955 8048 Mup - ok
02:14:03.0079 8048 [ AB452EB22B48D618AED418E330B5C2A9 ] NACAgent C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
02:14:03.0129 8048 NACAgent - ok
02:14:03.0157 8048 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
02:14:03.0181 8048 napagent - ok
02:14:03.0247 8048 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
02:14:03.0254 8048 NativeWifiP - ok
02:14:03.0403 8048 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130323.008\ENG64.SYS
02:14:03.0405 8048 NAVENG - ok
02:14:03.0482 8048 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130323.008\EX64.SYS
02:14:03.0559 8048 NAVEX15 - ok
02:14:03.0635 8048 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
02:14:03.0661 8048 NDIS - ok
02:14:03.0748 8048 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
02:14:03.0750 8048 NdisCap - ok
02:14:03.0832 8048 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
02:14:03.0833 8048 NdisTapi - ok
02:14:03.0913 8048 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
02:14:03.0916 8048 Ndisuio - ok
02:14:03.0939 8048 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
02:14:03.0942 8048 NdisWan - ok
02:14:03.0969 8048 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
02:14:03.0971 8048 NDProxy - ok
02:14:04.0078 8048 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
02:14:04.0082 8048 Net Driver HPZ12 - ok
02:14:04.0093 8048 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
02:14:04.0094 8048 NetBIOS - ok
02:14:04.0123 8048 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
02:14:04.0126 8048 NetBT - ok
02:14:04.0139 8048 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
02:14:04.0143 8048 Netlogon - ok
02:14:04.0215 8048 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
02:14:04.0225 8048 Netman - ok
02:14:04.0251 8048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:14:04.0256 8048 NetMsmqActivator - ok
02:14:04.0286 8048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:14:04.0288 8048 NetPipeActivator - ok
02:14:04.0360 8048 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
02:14:04.0376 8048 netprofm - ok
02:14:04.0410 8048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:14:04.0413 8048 NetTcpActivator - ok
02:14:04.0418 8048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:14:04.0421 8048 NetTcpPortSharing - ok
02:14:04.0464 8048 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
02:14:04.0465 8048 nfrd960 - ok
02:14:04.0539 8048 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
02:14:04.0549 8048 NlaSvc - ok
02:14:04.0638 8048 Norton PC Checkup Application Launcher - ok
02:14:04.0654 8048 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
02:14:04.0655 8048 Npfs - ok
02:14:04.0679 8048 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
02:14:04.0683 8048 nsi - ok
02:14:04.0696 8048 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
02:14:04.0698 8048 nsiproxy - ok
02:14:04.0783 8048 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
02:14:04.0827 8048 Ntfs - ok
02:14:04.0834 8048 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
02:14:04.0835 8048 Null - ok
02:14:05.0119 8048 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:14:05.0410 8048 nvlddmkm - ok
02:14:05.0480 8048 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
02:14:05.0482 8048 nvraid - ok
02:14:05.0518 8048 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
02:14:05.0520 8048 nvstor - ok
02:14:05.0615 8048 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe
02:14:05.0641 8048 nvsvc - ok
02:14:05.0747 8048 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
02:14:05.0780 8048 nvUpdatusService - ok
02:14:05.0798 8048 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
02:14:05.0799 8048 nv_agp - ok
02:14:05.0893 8048 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:14:05.0900 8048 odserv - ok
02:14:05.0920 8048 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
02:14:05.0921 8048 ohci1394 - ok
02:14:05.0993 8048 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:14:05.0997 8048 ose - ok
02:14:06.0084 8048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
02:14:06.0094 8048 p2pimsvc - ok
02:14:06.0112 8048 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
02:14:06.0122 8048 p2psvc - ok
02:14:06.0145 8048 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
02:14:06.0147 8048 Parport - ok
02:14:06.0171 8048 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
02:14:06.0172 8048 partmgr - ok
02:14:06.0187 8048 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
02:14:06.0193 8048 PcaSvc - ok
02:14:06.0275 8048 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe
02:14:06.0321 8048 PCCUJobMgr - ok
02:14:06.0346 8048 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
02:14:06.0348 8048 pci - ok
02:14:06.0377 8048 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
02:14:06.0379 8048 pciide - ok
02:14:06.0410 8048 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
02:14:06.0412 8048 pcmcia - ok
02:14:06.0520 8048 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
02:14:06.0521 8048 pcouffin - ok
02:14:06.0537 8048 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
02:14:06.0538 8048 pcw - ok
02:14:06.0560 8048 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
02:14:06.0569 8048 PEAUTH - ok
02:14:06.0641 8048 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
02:14:06.0647 8048 PerfHost - ok
02:14:06.0707 8048 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
02:14:06.0747 8048 pla - ok
02:14:06.0827 8048 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
02:14:06.0859 8048 PlugPlay - ok
02:14:06.0934 8048 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
02:14:06.0937 8048 Pml Driver HPZ12 - ok
02:14:06.0975 8048 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
02:14:06.0979 8048 PNRPAutoReg - ok
02:14:07.0000 8048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
02:14:07.0006 8048 PNRPsvc - ok
02:14:07.0025 8048 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
02:14:07.0036 8048 PolicyAgent - ok
02:14:07.0066 8048 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
02:14:07.0076 8048 Power - ok
02:14:07.0150 8048 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
02:14:07.0152 8048 PptpMiniport - ok
02:14:07.0174 8048 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
02:14:07.0175 8048 Processor - ok
02:14:07.0207 8048 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
02:14:07.0215 8048 ProfSvc - ok
02:14:07.0224 8048 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
02:14:07.0228 8048 ProtectedStorage - ok
02:14:07.0252 8048 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
02:14:07.0255 8048 Psched - ok
02:14:07.0324 8048 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
02:14:07.0325 8048 PxHlpa64 - ok
02:14:07.0373 8048 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
02:14:07.0423 8048 ql2300 - ok
02:14:07.0441 8048 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
02:14:07.0443 8048 ql40xx - ok
02:14:07.0472 8048 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
02:14:07.0481 8048 QWAVE - ok
02:14:07.0497 8048 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
02:14:07.0498 8048 QWAVEdrv - ok
02:14:07.0512 8048 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
02:14:07.0513 8048 RasAcd - ok
02:14:07.0587 8048 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
02:14:07.0588 8048 RasAgileVpn - ok
02:14:07.0609 8048 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
02:14:07.0614 8048 RasAuto - ok
02:14:07.0636 8048 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
02:14:07.0638 8048 Rasl2tp - ok
02:14:07.0662 8048 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
02:14:07.0670 8048 RasMan - ok
02:14:07.0686 8048 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
02:14:07.0688 8048 RasPppoe - ok
02:14:07.0702 8048 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
02:14:07.0703 8048 RasSstp - ok
02:14:07.0737 8048 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
02:14:07.0744 8048 rdbss - ok
02:14:07.0754 8048 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
02:14:07.0756 8048 rdpbus - ok
02:14:07.0770 8048 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
02:14:07.0771 8048 RDPCDD - ok
02:14:07.0830 8048 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
02:14:07.0831 8048 RDPENCDD - ok
02:14:07.0860 8048 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
02:14:07.0861 8048 RDPREFMP - ok
02:14:07.0889 8048 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
02:14:07.0894 8048 RDPWD - ok
02:14:07.0924 8048 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
02:14:07.0930 8048 rdyboost - ok
02:14:07.0959 8048 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
02:14:07.0963 8048 RemoteAccess - ok
02:14:07.0997 8048 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
02:14:08.0003 8048 RemoteRegistry - ok
02:14:08.0539 8048 [ 6FAF5B04BEDC66D300D9D233B2D222F0 ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys
02:14:08.0540 8048 rimmptsk - ok
02:14:08.0558 8048 [ 67F50C31713106FD1B0F286F86AA2B2E ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys
02:14:08.0560 8048 rimsptsk - ok
02:14:08.0570 8048 [ 4D7EF3D46346EC4C58784DB964B365DE ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
02:14:08.0572 8048 rismxdp - ok
02:14:08.0590 8048 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
02:14:08.0597 8048 RpcEptMapper - ok
02:14:08.0624 8048 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
02:14:08.0628 8048 RpcLocator - ok
02:14:08.0655 8048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
02:14:08.0663 8048 RpcSs - ok
02:14:08.0745 8048 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
02:14:08.0752 8048 RsFx0103 - ok
02:14:08.0804 8048 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
02:14:08.0806 8048 rspndr - ok
02:14:08.0871 8048 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
02:14:08.0873 8048 RTL8167 - ok
02:14:08.0952 8048 [ 24510C4A77ABA3B07AEFA840DB888637 ] RzSynapse C:\Windows\system32\DRIVERS\RzSynapse.sys
02:14:08.0954 8048 RzSynapse - ok
02:14:08.0973 8048 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
02:14:08.0977 8048 SamSs - ok
02:14:08.0999 8048 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
02:14:09.0000 8048 sbp2port - ok
02:14:09.0031 8048 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
02:14:09.0041 8048 SCardSvr - ok
02:14:09.0061 8048 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
02:14:09.0062 8048 scfilter - ok
02:14:09.0103 8048 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
02:14:09.0138 8048 Schedule - ok
02:14:09.0159 8048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
02:14:09.0160 8048 SCPolicySvc - ok
02:14:09.0235 8048 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
02:14:09.0237 8048 sdbus - ok
02:14:09.0266 8048 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
02:14:09.0272 8048 SDRSVC - ok
02:14:09.0356 8048 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
02:14:09.0357 8048 secdrv - ok
02:14:09.0387 8048 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
02:14:09.0392 8048 seclogon - ok
02:14:09.0410 8048 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
02:14:09.0417 8048 SENS - ok
02:14:09.0431 8048 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
02:14:09.0436 8048 SensrSvc - ok
02:14:09.0515 8048 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
02:14:09.0516 8048 Serenum - ok
02:14:09.0548 8048 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
02:14:09.0549 8048 Serial - ok
02:14:09.0572 8048 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
02:14:09.0573 8048 sermouse - ok
02:14:09.0605 8048 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
02:14:09.0610 8048 SessionEnv - ok
02:14:09.0735 8048 [ 6E81D09BEBB45D072C077C05567097E8 ] SfCtlCom C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
02:14:09.0851 8048 SfCtlCom - ok
02:14:09.0871 8048 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
02:14:09.0872 8048 sffdisk - ok
02:14:09.0889 8048 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
02:14:09.0890 8048 sffp_mmc - ok
02:14:09.0899 8048 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
02:14:09.0900 8048 sffp_sd - ok
02:14:09.0926 8048 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
02:14:09.0927 8048 sfloppy - ok
02:14:09.0952 8048 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
02:14:09.0962 8048 SharedAccess - ok
02:14:10.0357 8048 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
02:14:10.0368 8048 ShellHWDetection - ok
02:14:10.0429 8048 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
02:14:10.0431 8048 SiSGbeLH - ok
02:14:10.0491 8048 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:14:10.0492 8048 SiSRaid2 - ok
02:14:10.0515 8048 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
02:14:10.0516 8048 SiSRaid4 - ok
02:14:10.0596 8048 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
02:14:10.0600 8048 SkypeUpdate - ok
02:14:10.0607 8048 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
02:14:10.0608 8048 Smb - ok
02:14:10.0755 8048 [ 48BFC901748A6CBDBCADD7991C867060 ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
02:14:10.0833 8048 SmcService - ok
02:14:10.0933 8048 [ 767DE5FFE38B673C03551F50D96EBA0B ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
02:14:10.0939 8048 SNAC - ok
02:14:11.0024 8048 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
02:14:11.0029 8048 SNMPTRAP - ok
02:14:11.0156 8048 [ 2D280B5799F9C143FA7D49E032FBCE46 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
02:14:11.0200 8048 SNP2UVC - ok
02:14:11.0290 8048 [ 5F9785E7535F8F602CB294A54962C9E7 ] speedfan C:\Windows\syswow64\speedfan.sys
02:14:11.0294 8048 speedfan - ok
02:14:11.0314 8048 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
02:14:11.0315 8048 spldr - ok
02:14:11.0346 8048 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
02:14:11.0371 8048 Spooler - ok
02:14:11.0456 8048 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
02:14:11.0556 8048 sppsvc - ok
02:14:11.0588 8048 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
02:14:11.0594 8048 sppuinotify - ok
02:14:11.0695 8048 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
02:14:11.0695 8048 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
02:14:11.0698 8048 sptd ( LockedFile.Multi.Generic ) - warning
02:14:11.0698 8048 sptd - detected LockedFile.Multi.Generic (1)
02:14:11.0799 8048 [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLEXPRESS C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
02:14:11.0806 8048 SQLAgent$SQLEXPRESS - ok
02:14:11.0860 8048 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
02:14:11.0865 8048 SQLBrowser - ok
02:14:11.0886 8048 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
02:14:11.0890 8048 SQLWriter - ok
02:14:11.0923 8048 [ B531FC8918DCDAAE638511A123C3465E ] SRTSP C:\Windows\system32\Drivers\SRTSP64.SYS
02:14:11.0932 8048 SRTSP - ok
02:14:11.0952 8048 [ 2BD3A73D0601320B72486FC3EBC2544F ] SRTSPL C:\Windows\system32\Drivers\SRTSPL64.SYS
02:14:11.0959 8048 SRTSPL - ok
02:14:11.0973 8048 [ 529B337C1AEEB289F0B502EB0EE6A8F5 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX64.SYS
02:14:11.0974 8048 SRTSPX - ok
02:14:12.0012 8048 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
02:14:12.0019 8048 srv - ok
02:14:12.0048 8048 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
02:14:12.0051 8048 srv2 - ok
02:14:12.0082 8048 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
02:14:12.0084 8048 srvnet - ok
02:14:12.0206 8048 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
02:14:12.0213 8048 SSDPSRV - ok
02:14:12.0252 8048 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
02:14:12.0259 8048 SstpSvc - ok
02:14:12.0350 8048 Steam Client Service - ok
02:14:12.0461 8048 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
02:14:12.0468 8048 Stereo Service - ok
02:14:12.0487 8048 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
02:14:12.0488 8048 stexstor - ok
02:14:12.0565 8048 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
02:14:12.0566 8048 StillCam - ok
02:14:12.0641 8048 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
02:14:12.0664 8048 stisvc - ok
02:14:12.0704 8048 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
02:14:12.0705 8048 swenum - ok
02:14:12.0794 8048 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
02:14:12.0816 8048 swprv - ok
02:14:12.0873 8048 [ D880FBD65B6F4885AC89628225B91398 ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
02:14:12.0887 8048 Symantec AntiVirus - ok
02:14:12.0977 8048 [ D1F1A5E72E33D6BE449F5F1F4A513DD1 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
02:14:12.0979 8048 SymEvent - ok
02:14:13.0075 8048 [ BE7311DA9D6833FA69ED04B744A1C8F8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
02:14:13.0080 8048 SynTP - ok
02:14:13.0132 8048 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
02:14:13.0201 8048 SysMain - ok
02:14:13.0220 8048 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
02:14:13.0227 8048 TabletInputService - ok
02:14:13.0262 8048 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
02:14:13.0271 8048 TapiSrv - ok
02:14:13.0347 8048 [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD ] tapoas C:\Windows\system32\DRIVERS\tapoas.sys
02:14:13.0348 8048 tapoas - ok
02:14:13.0372 8048 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
02:14:13.0380 8048 TBS - ok
02:14:13.0501 8048 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
02:14:13.0559 8048 Tcpip - ok
02:14:13.0609 8048 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
02:14:13.0622 8048 TCPIP6 - ok
02:14:13.0648 8048 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
02:14:13.0651 8048 tcpipreg - ok
02:14:13.0716 8048 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
02:14:13.0718 8048 TDPIPE - ok
02:14:13.0738 8048 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
02:14:13.0740 8048 TDTCP - ok
02:14:13.0769 8048 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
02:14:13.0770 8048 tdx - ok
02:14:14.0004 8048 [ EF6CCF8B483201F7196D83FC136FA43A ] Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys
02:14:14.0006 8048 Teefer2 - ok
02:14:14.0187 8048 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
02:14:14.0188 8048 TermDD - ok
02:14:14.0376 8048 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
02:14:14.0413 8048 TermService - ok
02:14:14.0623 8048 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
02:14:14.0629 8048 Themes - ok
02:14:14.0658 8048 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
02:14:14.0662 8048 THREADORDER - ok
02:14:14.0925 8048 [ 963C903E5176C5CDCAE321D48635B21F ] TMBMServer C:\Program Files\Trend Micro\BM\TMBMSRV.exe
02:14:14.0934 8048 TMBMServer - ok
02:14:15.0069 8048 [ 1E051F36680AA502EADAE4F0F7069091 ] tmpreflt C:\Windows\system32\DRIVERS\tmpreflt.sys
02:14:15.0070 8048 tmpreflt - ok
02:14:15.0154 8048 [ 3AE913B4FBF06EE49831FF9DB2330830 ] TmProxy C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
02:14:15.0212 8048 TmProxy - ok
02:14:15.0271 8048 [ 21CC12B7F8B44E91D03EAD5B17AAF0B2 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
02:14:15.0273 8048 tmtdi - ok
02:14:15.0332 8048 [ BB2C72500AE87AA178CF97674F210F21 ] tmxpflt C:\Windows\system32\DRIVERS\tmxpflt.sys
02:14:15.0335 8048 tmxpflt - ok
02:14:15.0365 8048 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
02:14:15.0371 8048 TrkWks - ok
02:14:15.0420 8048 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
02:14:15.0464 8048 TrustedInstaller - ok
02:14:15.0492 8048 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
02:14:15.0493 8048 tssecsrv - ok
02:14:15.0559 8048 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
02:14:15.0562 8048 TsUsbFlt - ok
02:14:15.0634 8048 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
02:14:15.0638 8048 tunnel - ok
02:14:15.0674 8048 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
02:14:15.0675 8048 uagp35 - ok
02:14:15.0733 8048 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
02:14:15.0736 8048 udfs - ok
02:14:15.0791 8048 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
02:14:15.0797 8048 UI0Detect - ok
02:14:15.0814 8048 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
02:14:15.0816 8048 uliagpkx - ok
02:14:15.0879 8048 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
02:14:15.0880 8048 umbus - ok
02:14:15.0908 8048 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
02:14:15.0909 8048 UmPass - ok
02:14:15.0937 8048 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
02:14:15.0947 8048 upnphost - ok
02:14:16.0105 8048 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
02:14:16.0107 8048 USBAAPL64 - ok
02:14:16.0116 8048 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
02:14:16.0118 8048 usbccgp - ok
02:14:16.0198 8048 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
02:14:16.0200 8048 usbcir - ok
02:14:16.0220 8048 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
02:14:16.0221 8048 usbehci - ok
02:14:16.0290 8048 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
02:14:16.0297 8048 usbhub - ok
02:14:16.0316 8048 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
02:14:16.0318 8048 usbohci - ok
02:14:16.0384 8048 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
02:14:16.0386 8048 usbprint - ok
02:14:16.0475 8048 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
02:14:16.0476 8048 usbscan - ok
02:14:16.0496 8048 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:14:16.0498 8048 USBSTOR - ok
02:14:16.0515 8048 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
02:14:16.0516 8048 usbuhci - ok
02:14:16.0614 8048 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
02:14:16.0616 8048 usbvideo - ok
02:14:16.0641 8048 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
02:14:16.0648 8048 UxSms - ok
02:14:16.0666 8048 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
02:14:16.0670 8048 VaultSvc - ok
02:14:16.0723 8048 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
02:14:16.0727 8048 vdrvroot - ok
02:14:16.0804 8048 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
02:14:16.0821 8048 vds - ok
02:14:16.0845 8048 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
02:14:16.0846 8048 vga - ok
02:14:16.0866 8048 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
02:14:16.0867 8048 VgaSave - ok
02:14:16.0894 8048 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
02:14:16.0900 8048 vhdmp - ok
02:14:16.0922 8048 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
02:14:16.0923 8048 viaide - ok
02:14:16.0997 8048 [ DE96EF88C1EB0CE2FE68BEC3DF1BCAAA ] VMUVC C:\Windows\system32\Drivers\VMUVC.sys
02:14:16.0999 8048 VMUVC - ok
02:14:17.0023 8048 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
02:14:17.0025 8048 volmgr - ok
02:14:17.0051 8048 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
02:14:17.0055 8048 volmgrx - ok
02:14:17.0076 8048 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\vol
[/code]

Edited by Elise, 31 March 2013 - 02:51 PM.
removed code tags to prevent slow loading


#6 rebelnyell

rebelnyell
  • Topic Starter

  • Members
  • 11 posts

Posted 26 March 2013 - 09:35 PM

TDSSKiller.2.8.16.0_24.03.2013_02.44.08_log.txt

 
02:44:08.0020 3888 TDSS rootkit removing tool 2.8.16.0 Mar 21 2013 15:53:02
02:44:08.0269 3888 ============================================================
02:44:08.0269 3888 Current date / time: 2013/03/24 02:44:08.0269
02:44:08.0269 3888 SystemInfo:
02:44:08.0269 3888
02:44:08.0269 3888 OS Version: 6.1.7601 ServicePack: 1.0
02:44:08.0269 3888 Product type: Workstation
02:44:08.0269 3888 ComputerName: MATTHEW-PC
02:44:08.0269 3888 UserName: Matthew
02:44:08.0269 3888 Windows directory: C:\Windows
02:44:08.0269 3888 System windows directory: C:\Windows
02:44:08.0269 3888 Running under WOW64
02:44:08.0269 3888 Processor architecture: Intel x64
02:44:08.0269 3888 Number of processors: 4
02:44:08.0269 3888 Page size: 0x1000
02:44:08.0269 3888 Boot type: Normal boot
02:44:08.0270 3888 ============================================================
02:44:11.0829 3888 BG loaded
02:44:12.0362 3888 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:44:12.0598 3888 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:44:12.0673 3888 ============================================================
02:44:12.0673 3888 \Device\Harddisk0\DR0:
02:44:12.0676 3888 MBR partitions:
02:44:12.0676 3888 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4B800, BlocksNum 0x236E2800
02:44:12.0676 3888 \Device\Harddisk1\DR1:
02:44:12.0677 3888 MBR partitions:
02:44:12.0677 3888 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A16800
02:44:12.0677 3888 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x12A17000, BlocksNum 0x12A166C1
02:44:12.0677 3888 ============================================================
02:44:12.0745 3888 C: <-> \Device\Harddisk0\DR0\Partition1
02:44:12.0800 3888 D: <-> \Device\Harddisk1\DR1\Partition1
02:44:12.0827 3888 F: <-> \Device\Harddisk1\DR1\Partition2
02:44:12.0827 3888 ============================================================
02:44:12.0827 3888 Initialize success
02:44:12.0827 3888 ============================================================
02:44:28.0554 4328 ============================================================
02:44:28.0554 4328 Scan started
02:44:28.0554 4328 Mode: Manual; SigCheck; TDLFS;
02:44:28.0554 4328 ============================================================
02:44:30.0603 4328 ================ Scan system memory ========================
02:44:30.0603 4328 System memory - ok
02:44:30.0603 4328 ================ Scan services =============================
02:44:31.0425 4328 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
02:44:31.0577 4328 1394ohci - ok
02:44:31.0656 4328 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
02:44:31.0691 4328 ACPI - ok
02:44:31.0763 4328 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
02:44:31.0905 4328 AcpiPmi - ok
02:44:31.0935 4328 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
02:44:31.0966 4328 adfs - ok
02:44:32.0193 4328 [ 57A3B9A69F14414ACE12AFD6BA701773 ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
02:44:32.0270 4328 Adobe Version Cue CS4 - ok
02:44:32.0370 4328 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
02:44:32.0424 4328 adp94xx - ok
02:44:32.0492 4328 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
02:44:32.0527 4328 adpahci - ok
02:44:32.0533 4328 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
02:44:32.0579 4328 adpu320 - ok
02:44:32.0692 4328 [ C0BF554D2277F7A4C735D475ADE2E3B2 ] ADSMService C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
02:44:32.0769 4328 ADSMService ( UnsignedFile.Multi.Generic ) - warning
02:44:32.0769 4328 ADSMService - detected UnsignedFile.Multi.Generic (1)
02:44:32.0827 4328 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
02:44:32.0991 4328 AeLookupSvc - ok
02:44:33.0101 4328 [ 114C042FF784B4C5670290A661799357 ] AFBAgent C:\Windows\system32\FBAgent.exe
02:44:33.0130 4328 AFBAgent - ok
02:44:33.0206 4328 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
02:44:33.0305 4328 AFD - ok
02:44:33.0384 4328 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
02:44:33.0412 4328 agp440 - ok
02:44:33.0471 4328 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
02:44:33.0567 4328 ALG - ok
02:44:33.0646 4328 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
02:44:33.0685 4328 aliide - ok
02:44:33.0718 4328 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
02:44:33.0746 4328 amdide - ok
02:44:33.0815 4328 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
02:44:33.0896 4328 AmdK8 - ok
02:44:33.0959 4328 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
02:44:34.0030 4328 AmdPPM - ok
02:44:34.0075 4328 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
02:44:34.0117 4328 amdsata - ok
02:44:34.0187 4328 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
02:44:34.0230 4328 amdsbs - ok
02:44:34.0282 4328 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
02:44:34.0311 4328 amdxata - ok
02:44:34.0389 4328 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
02:44:34.0583 4328 AppID - ok
02:44:34.0601 4328 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
02:44:34.0697 4328 AppIDSvc - ok
02:44:34.0737 4328 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
02:44:34.0834 4328 Appinfo - ok
02:44:35.0010 4328 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:44:35.0111 4328 Apple Mobile Device - ok
02:44:35.0226 4328 [ 5234837DFEC4092E235594B25CF02865 ] Application Updater C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
02:44:35.0270 4328 Application Updater - ok
02:44:35.0341 4328 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
02:44:35.0383 4328 arc - ok
02:44:35.0409 4328 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
02:44:35.0442 4328 arcsas - ok
02:44:35.0459 4328 [ 88FBC8BEBFD38566235EAA5E4DBC4E05 ] AsDsm C:\Windows\system32\drivers\AsDsm.sys
02:44:35.0486 4328 AsDsm - ok
02:44:35.0592 4328 ASInsHelp - ok
02:44:35.0668 4328 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
02:44:35.0714 4328 ASLDRService - ok
02:44:35.0813 4328 [ 2DB34EDD17D3A8DA7105A19C95A3DD68 ] ASMMAP64 C:\Program Files\ATKGFNEX\ASMMAP64.sys
02:44:35.0834 4328 ASMMAP64 - ok
02:44:35.0913 4328 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
02:44:35.0981 4328 aspnet_state - ok
02:44:36.0047 4328 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
02:44:36.0139 4328 AsyncMac - ok
02:44:36.0186 4328 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
02:44:36.0220 4328 atapi - ok
02:44:36.0263 4328 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
02:44:36.0374 4328 athr - ok
02:44:36.0390 4328 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
02:44:36.0450 4328 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
02:44:36.0450 4328 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
02:44:36.0512 4328 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
02:44:36.0620 4328 AudioEndpointBuilder - ok
02:44:36.0631 4328 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
02:44:36.0706 4328 AudioSrv - ok
02:44:36.0786 4328 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
02:44:36.0908 4328 AxInstSV - ok
02:44:36.0996 4328 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
02:44:37.0107 4328 b06bdrv - ok
02:44:37.0140 4328 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
02:44:37.0201 4328 b57nd60a - ok
02:44:37.0319 4328 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
02:44:37.0403 4328 BcmSqlStartupSvc - ok
02:44:37.0430 4328 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
02:44:37.0519 4328 BDESVC - ok
02:44:37.0527 4328 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
02:44:37.0608 4328 Beep - ok
02:44:37.0706 4328 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
02:44:37.0796 4328 BFE - ok
02:44:37.0831 4328 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
02:44:37.0944 4328 BITS - ok
02:44:37.0995 4328 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
02:44:38.0049 4328 blbdrive - ok
02:44:38.0187 4328 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
02:44:38.0217 4328 Bonjour Service - ok
02:44:38.0294 4328 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
02:44:38.0386 4328 bowser - ok
02:44:38.0444 4328 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:44:38.0556 4328 BrFiltLo - ok
02:44:38.0571 4328 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:44:38.0595 4328 BrFiltUp - ok
02:44:38.0628 4328 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
02:44:38.0713 4328 Browser - ok
02:44:38.0733 4328 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
02:44:38.0827 4328 Brserid - ok
02:44:38.0872 4328 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
02:44:38.0926 4328 BrSerWdm - ok
02:44:38.0952 4328 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
02:44:39.0012 4328 BrUsbMdm - ok
02:44:39.0041 4328 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
02:44:39.0063 4328 BrUsbSer - ok
02:44:39.0082 4328 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
02:44:39.0143 4328 BTHMODEM - ok
02:44:39.0191 4328 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
02:44:39.0278 4328 bthserv - ok
02:44:39.0371 4328 [ 5E68928BA2412E60FF1C61441313CF8D ] ccEvtMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
02:44:39.0400 4328 ccEvtMgr - ok
02:44:39.0470 4328 [ 5E68928BA2412E60FF1C61441313CF8D ] ccSetMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
02:44:39.0500 4328 ccSetMgr - ok
02:44:39.0516 4328 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
02:44:39.0597 4328 cdfs - ok
02:44:39.0648 4328 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
02:44:39.0721 4328 cdrom - ok
02:44:39.0782 4328 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
02:44:39.0870 4328 CertPropSvc - ok
02:44:39.0911 4328 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
02:44:39.0985 4328 circlass - ok
02:44:40.0031 4328 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
02:44:40.0067 4328 CLFS - ok
02:44:40.0115 4328 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:44:40.0189 4328 clr_optimization_v2.0.50727_32 - ok
02:44:40.0223 4328 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:44:40.0260 4328 clr_optimization_v2.0.50727_64 - ok
02:44:40.0358 4328 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:44:40.0417 4328 clr_optimization_v4.0.30319_32 - ok
02:44:40.0430 4328 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:44:40.0465 4328 clr_optimization_v4.0.30319_64 - ok
02:44:40.0530 4328 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
02:44:40.0589 4328 CmBatt - ok
02:44:40.0629 4328 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
02:44:40.0655 4328 cmdide - ok
02:44:40.0690 4328 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
02:44:40.0744 4328 CNG - ok
02:44:40.0774 4328 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
02:44:40.0800 4328 Compbatt - ok
02:44:40.0840 4328 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
02:44:40.0894 4328 CompositeBus - ok
02:44:40.0909 4328 COMSysApp - ok
02:44:40.0937 4328 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
02:44:40.0966 4328 crcdisk - ok
02:44:41.0039 4328 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
02:44:41.0095 4328 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
02:44:41.0095 4328 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
02:44:41.0143 4328 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
02:44:41.0187 4328 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
02:44:41.0187 4328 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
02:44:41.0234 4328 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
02:44:41.0322 4328 CryptSvc - ok
02:44:41.0351 4328 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
02:44:41.0437 4328 DcomLaunch - ok
02:44:41.0490 4328 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
02:44:41.0592 4328 defragsvc - ok
02:44:41.0639 4328 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
02:44:41.0718 4328 DfsC - ok
02:44:41.0763 4328 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
02:44:41.0853 4328 Dhcp - ok
02:44:41.0868 4328 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
02:44:41.0944 4328 discache - ok
02:44:41.0994 4328 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
02:44:42.0026 4328 Disk - ok
02:44:42.0048 4328 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
02:44:42.0138 4328 Dnscache - ok
02:44:42.0210 4328 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
02:44:42.0296 4328 dot3svc - ok
02:44:42.0354 4328 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
02:44:42.0422 4328 Dot4 - ok
02:44:42.0472 4328 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
02:44:42.0532 4328 Dot4Print - ok
02:44:42.0560 4328 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
02:44:42.0618 4328 dot4usb - ok
02:44:42.0651 4328 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
02:44:42.0733 4328 DPS - ok
02:44:42.0783 4328 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
02:44:42.0836 4328 drmkaud - ok
02:44:42.0903 4328 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
02:44:42.0951 4328 DXGKrnl - ok
02:44:43.0017 4328 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
02:44:43.0099 4328 EapHost - ok
02:44:43.0413 4328 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
02:44:43.0588 4328 ebdrv - ok
02:44:43.0682 4328 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
02:44:43.0713 4328 eeCtrl - ok
02:44:43.0756 4328 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
02:44:43.0867 4328 EFS - ok
02:44:44.0066 4328 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
02:44:44.0207 4328 ehRecvr - ok
02:44:44.0257 4328 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
02:44:44.0348 4328 ehSched - ok
02:44:44.0379 4328 [ 343ADA10D948DB29251F2D9C809AF204 ] EIO64 C:\Windows\system32\DRIVERS\EIO64.sys
02:44:44.0452 4328 EIO64 - ok
02:44:44.0524 4328 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
02:44:44.0579 4328 elxstor - ok
02:44:44.0652 4328 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilDrv11220 C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys
02:44:44.0671 4328 EraserUtilDrv11220 - ok
02:44:44.0770 4328 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
02:44:44.0803 4328 EraserUtilRebootDrv - ok
02:44:44.0834 4328 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
02:44:44.0886 4328 ErrDev - ok
02:44:45.0006 4328 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
02:44:45.0104 4328 EventSystem - ok
02:44:45.0134 4328 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
02:44:45.0203 4328 exfat - ok
02:44:45.0259 4328 [ F7A7DA530618C3700A449FE7971DB924 ] ezplay C:\Windows\system32\Drivers\ezplay.sys
02:44:45.0337 4328 ezplay - ok
02:44:45.0361 4328 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
02:44:45.0437 4328 fastfat - ok
02:44:45.0631 4328 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
02:44:45.0784 4328 Fax - ok
02:44:45.0844 4328 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
02:44:45.0904 4328 fdc - ok
02:44:45.0951 4328 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
02:44:46.0009 4328 fdPHost - ok
02:44:46.0020 4328 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
02:44:46.0067 4328 FDResPub - ok
02:44:46.0091 4328 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
02:44:46.0122 4328 FileInfo - ok
02:44:46.0136 4328 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
02:44:46.0236 4328 Filetrace - ok
02:44:46.0414 4328 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
02:44:46.0494 4328 FLEXnet Licensing Service - ok
02:44:46.0812 4328 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
02:44:46.0850 4328 FLEXnet Licensing Service 64 - ok
02:44:46.0903 4328 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
02:44:46.0945 4328 flpydisk - ok
02:44:47.0011 4328 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
02:44:47.0049 4328 FltMgr - ok
02:44:47.0141 4328 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
02:44:47.0192 4328 FontCache - ok
02:44:47.0271 4328 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:44:47.0295 4328 FontCache3.0.0.0 - ok
02:44:47.0333 4328 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
02:44:47.0374 4328 FsDepends - ok
02:44:47.0479 4328 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
02:44:47.0513 4328 fssfltr - ok
02:44:48.0025 4328 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
02:44:48.0190 4328 fsssvc - ok
02:44:48.0236 4328 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
02:44:48.0264 4328 Fs_Rec - ok
02:44:48.0332 4328 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
02:44:48.0390 4328 fvevol - ok
02:44:48.0466 4328 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
02:44:48.0498 4328 gagp30kx - ok
02:44:48.0589 4328 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:44:48.0610 4328 GEARAspiWDM - ok
02:44:48.0646 4328 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
02:44:48.0738 4328 gpsvc - ok
02:44:48.0871 4328 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:44:48.0910 4328 gupdate - ok
02:44:48.0994 4328 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:44:49.0032 4328 gupdatem - ok
02:44:49.0116 4328 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
02:44:49.0147 4328 hamachi - ok
02:44:49.0179 4328 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
02:44:49.0266 4328 hcw85cir - ok
02:44:49.0345 4328 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
02:44:49.0461 4328 HdAudAddService - ok
02:44:49.0496 4328 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
02:44:49.0559 4328 HDAudBus - ok
02:44:49.0589 4328 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
02:44:49.0611 4328 HidBatt - ok
02:44:49.0625 4328 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
02:44:49.0700 4328 HidBth - ok
02:44:49.0731 4328 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
02:44:49.0784 4328 HidIr - ok
02:44:49.0824 4328 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
02:44:49.0906 4328 hidserv - ok
02:44:49.0945 4328 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
02:44:49.0966 4328 HidUsb - ok
02:44:49.0992 4328 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
02:44:50.0068 4328 hkmsvc - ok
02:44:50.0114 4328 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
02:44:50.0211 4328 HomeGroupListener - ok
02:44:50.0265 4328 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
02:44:50.0329 4328 HomeGroupProvider - ok
02:44:50.0553 4328 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
02:44:50.0949 4328 hpqcxs08 - ok
02:44:51.0039 4328 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
02:44:51.0065 4328 hpqddsvc - ok
02:44:51.0126 4328 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
02:44:51.0172 4328 HpSAMD - ok
02:44:51.0314 4328 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
02:44:51.0390 4328 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
02:44:51.0390 4328 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
02:44:51.0449 4328 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
02:44:51.0539 4328 HTTP - ok
02:44:51.0573 4328 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
02:44:51.0599 4328 hwpolicy - ok
02:44:51.0668 4328 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
02:44:51.0692 4328 i8042prt - ok
02:44:51.0720 4328 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
02:44:51.0744 4328 iaStor - ok
02:44:51.0835 4328 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
02:44:51.0882 4328 iaStorV - ok
02:44:52.0150 4328 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
02:44:52.0198 4328 IDriverT ( UnsignedFile.Multi.Generic ) - warning
02:44:52.0198 4328 IDriverT - detected UnsignedFile.Multi.Generic (1)
02:44:52.0367 4328 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:44:52.0404 4328 idsvc - ok
02:44:52.0471 4328 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
02:44:52.0506 4328 iirsp - ok
02:44:52.0644 4328 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
02:44:52.0736 4328 IKEEXT - ok
02:44:52.0987 4328 [ 397AF4C77E4AC1B262E4EBAC2958188C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
02:44:53.0037 4328 IntcAzAudAddService - ok
02:44:53.0056 4328 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
02:44:53.0091 4328 intelide - ok
02:44:53.0174 4328 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
02:44:53.0224 4328 intelppm - ok
02:44:53.0261 4328 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
02:44:53.0366 4328 IPBusEnum - ok
02:44:53.0410 4328 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:44:53.0497 4328 IpFilterDriver - ok
02:44:53.0569 4328 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
02:44:53.0642 4328 iphlpsvc - ok
02:44:53.0678 4328 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
02:44:53.0723 4328 IPMIDRV - ok
02:44:53.0752 4328 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
02:44:53.0854 4328 IPNAT - ok
02:44:54.0011 4328 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
02:44:54.0070 4328 iPod Service - ok
02:44:54.0138 4328 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
02:44:54.0217 4328 IRENUM - ok
02:44:54.0231 4328 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
02:44:54.0267 4328 isapnp - ok
02:44:54.0324 4328 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
02:44:54.0385 4328 iScsiPrt - ok
02:44:54.0474 4328 [ 917A1517AB4E8FB9554919FDEC96A8F5 ] JLTECH0227 C:\Windows\system32\Drivers\jl2005c.sys
02:44:54.0504 4328 JLTECH0227 - ok
02:44:54.0579 4328 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
02:44:54.0605 4328 kbdclass - ok
02:44:54.0655 4328 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
02:44:54.0718 4328 kbdhid - ok
02:44:54.0797 4328 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
02:44:54.0816 4328 kbfiltr - ok
02:44:54.0829 4328 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
02:44:54.0853 4328 KeyIso - ok
02:44:54.0885 4328 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
02:44:54.0919 4328 KSecDD - ok
02:44:54.0945 4328 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
02:44:54.0993 4328 KSecPkg - ok
02:44:55.0062 4328 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
02:44:55.0158 4328 ksthunk - ok
02:44:55.0209 4328 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
02:44:55.0328 4328 KtmRm - ok
02:44:55.0395 4328 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
02:44:55.0481 4328 LanmanServer - ok
02:44:55.0498 4328 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
02:44:55.0670 4328 LanmanWorkstation - ok
02:44:55.0898 4328 [ 6105B28F5D03C4AFFA7197B228768849 ] LiveUpdate C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
02:44:55.0970 4328 LiveUpdate - ok
02:44:56.0039 4328 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
02:44:56.0086 4328 lltdio - ok
02:44:56.0133 4328 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
02:44:56.0337 4328 lltdsvc - ok
02:44:56.0350 4328 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
02:44:56.0401 4328 lmhosts - ok
02:44:56.0461 4328 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
02:44:56.0501 4328 LSI_FC - ok
02:44:56.0532 4328 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
02:44:56.0566 4328 LSI_SAS - ok
02:44:56.0587 4328 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:44:56.0623 4328 LSI_SAS2 - ok
02:44:56.0674 4328 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:44:56.0708 4328 LSI_SCSI - ok
02:44:56.0764 4328 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
02:44:56.0847 4328 luafv - ok
02:44:56.0994 4328 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
02:44:57.0044 4328 McComponentHostService - ok
02:44:57.0077 4328 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
02:44:57.0104 4328 mcdbus - ok
02:44:57.0132 4328 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
02:44:57.0167 4328 Mcx2Svc - ok
02:44:57.0184 4328 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
02:44:57.0214 4328 megasas - ok
02:44:57.0254 4328 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
02:44:57.0298 4328 MegaSR - ok
02:44:57.0361 4328 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
02:44:57.0423 4328 MMCSS - ok
02:44:57.0438 4328 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
02:44:57.0516 4328 Modem - ok
02:44:57.0593 4328 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
02:44:57.0658 4328 monitor - ok
02:44:57.0705 4328 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
02:44:57.0731 4328 mouclass - ok
02:44:57.0737 4328 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
02:44:57.0786 4328 mouhid - ok
02:44:57.0827 4328 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
02:44:57.0865 4328 mountmgr - ok
02:44:57.0882 4328 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
02:44:57.0920 4328 mpio - ok
02:44:57.0934 4328 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
02:44:57.0982 4328 mpsdrv - ok
02:44:58.0083 4328 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
02:44:58.0200 4328 MpsSvc - ok
02:44:58.0320 4328 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
02:44:58.0402 4328 MRxDAV - ok
02:44:58.0463 4328 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
02:44:58.0557 4328 mrxsmb - ok
02:44:58.0614 4328 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:44:58.0669 4328 mrxsmb10 - ok
02:44:58.0699 4328 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:44:58.0727 4328 mrxsmb20 - ok
02:44:58.0762 4328 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
02:44:58.0792 4328 msahci - ok
02:44:58.0860 4328 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
02:44:58.0901 4328 msdsm - ok
02:44:58.0939 4328 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
02:44:58.0990 4328 MSDTC - ok
02:44:59.0079 4328 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
02:44:59.0129 4328 Msfs - ok
02:44:59.0143 4328 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
02:44:59.0238 4328 mshidkmdf - ok
02:44:59.0298 4328 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
02:44:59.0326 4328 msisadrv - ok
02:44:59.0421 4328 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
02:44:59.0544 4328 MSiSCSI - ok
02:44:59.0549 4328 msiserver - ok
02:44:59.0655 4328 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
02:44:59.0717 4328 MSKSSRV - ok
02:44:59.0722 4328 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
02:44:59.0801 4328 MSPCLOCK - ok
02:44:59.0810 4328 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
02:44:59.0897 4328 MSPQM - ok
02:44:59.0936 4328 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
02:44:59.0997 4328 MsRPC - ok
02:45:00.0027 4328 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
02:45:00.0049 4328 mssmbios - ok
02:45:00.0211 4328 MSSQL$MSSMLBIZ - ok
02:45:00.0344 4328 MSSQL$SQLEXPRESS - ok
02:45:00.0462 4328 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
02:45:00.0489 4328 MSSQLServerADHelper - ok
02:45:00.0712 4328 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
02:45:00.0738 4328 MSSQLServerADHelper100 - ok
02:45:00.0805 4328 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
02:45:00.0865 4328 MSTEE - ok
02:45:00.0891 4328 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
02:45:00.0974 4328 MTConfig - ok
02:45:01.0091 4328 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
02:45:01.0112 4328 MTsensor - ok
02:45:01.0161 4328 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
02:45:01.0214 4328 Mup - ok
02:45:01.0650 4328 [ AB452EB22B48D618AED418E330B5C2A9 ] NACAgent C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
02:45:01.0716 4328 NACAgent - ok
02:45:01.0827 4328 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
02:45:01.0909 4328 napagent - ok
02:45:01.0999 4328 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
02:45:02.0053 4328 NativeWifiP - ok
02:45:02.0303 4328 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130323.008\ENG64.SYS
02:45:02.0330 4328 NAVENG - ok
02:45:02.0405 4328 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130323.008\EX64.SYS
02:45:02.0458 4328 NAVEX15 - ok
02:45:02.0560 4328 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
02:45:02.0622 4328 NDIS - ok
02:45:02.0772 4328 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
02:45:02.0885 4328 NdisCap - ok
02:45:02.0939 4328 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
02:45:03.0024 4328 NdisTapi - ok
02:45:03.0045 4328 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
02:45:03.0126 4328 Ndisuio - ok
02:45:03.0194 4328 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
02:45:03.0298 4328 NdisWan - ok
02:45:03.0323 4328 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
02:45:03.0369 4328 NDProxy - ok
02:45:03.0580 4328 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
02:45:03.0671 4328 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
02:45:03.0671 4328 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
02:45:03.0744 4328 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
02:45:03.0828 4328 NetBIOS - ok
02:45:03.0889 4328 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
02:45:03.0979 4328 NetBT - ok
02:45:04.0004 4328 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
02:45:04.0028 4328 Netlogon - ok
02:45:04.0138 4328 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
02:45:04.0238 4328 Netman - ok
02:45:04.0290 4328 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:45:04.0312 4328 NetMsmqActivator - ok
02:45:04.0349 4328 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:45:04.0374 4328 NetPipeActivator - ok
02:45:04.0440 4328 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
02:45:04.0564 4328 netprofm - ok
02:45:04.0597 4328 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:45:04.0617 4328 NetTcpActivator - ok
02:45:04.0622 4328 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:45:04.0642 4328 NetTcpPortSharing - ok
02:45:04.0726 4328 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
02:45:04.0763 4328 nfrd960 - ok
02:45:04.0825 4328 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
02:45:04.0884 4328 NlaSvc - ok
02:45:04.0956 4328 Norton PC Checkup Application Launcher - ok
02:45:04.0973 4328 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
02:45:05.0027 4328 Npfs - ok
02:45:05.0073 4328 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
02:45:05.0183 4328 nsi - ok
02:45:05.0214 4328 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
02:45:05.0296 4328 nsiproxy - ok
02:45:05.0541 4328 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
02:45:05.0668 4328 Ntfs - ok
02:45:05.0681 4328 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
02:45:05.0727 4328 Null - ok
02:45:06.0545 4328 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:45:06.0829 4328 nvlddmkm - ok
02:45:06.0888 4328 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
02:45:06.0931 4328 nvraid - ok
02:45:06.0967 4328 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
02:45:07.0007 4328 nvstor - ok
02:45:07.0126 4328 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe
02:45:07.0165 4328 nvsvc - ok
02:45:07.0272 4328 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
02:45:07.0364 4328 nvUpdatusService - ok
02:45:07.0388 4328 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
02:45:07.0422 4328 nv_agp - ok
02:45:07.0517 4328 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:45:07.0589 4328 odserv - ok
02:45:07.0600 4328 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
02:45:07.0631 4328 ohci1394 - ok
02:45:07.0688 4328 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:45:07.0759 4328 ose - ok
02:45:07.0833 4328 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
02:45:07.0919 4328 p2pimsvc - ok
02:45:07.0950 4328 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
02:45:08.0004 4328 p2psvc - ok
02:45:08.0032 4328 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
02:45:08.0063 4328 Parport - ok
02:45:08.0083 4328 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
02:45:08.0114 4328 partmgr - ok
02:45:08.0132 4328 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
02:45:08.0189 4328 PcaSvc - ok
02:45:08.0244 4328 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe
02:45:08.0320 4328 PCCUJobMgr - ok
02:45:08.0342 4328 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
02:45:08.0393 4328 pci - ok
02:45:08.0413 4328 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
02:45:08.0441 4328 pciide - ok
02:45:08.0469 4328 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
02:45:08.0508 4328 pcmcia - ok
02:45:08.0580 4328 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
02:45:08.0667 4328 pcouffin - ok
02:45:08.0679 4328 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
02:45:08.0711 4328 pcw - ok
02:45:08.0752 4328 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
02:45:08.0838 4328 PEAUTH - ok
02:45:09.0411 4328 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
02:45:09.0485 4328 PerfHost - ok
02:45:09.0652 4328 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
02:45:09.0815 4328 pla - ok
02:45:09.0910 4328 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
02:45:10.0024 4328 PlugPlay - ok
02:45:10.0109 4328 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
02:45:10.0124 4328 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
02:45:10.0124 4328 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
02:45:10.0157 4328 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
02:45:10.0226 4328 PNRPAutoReg - ok
02:45:10.0261 4328 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
02:45:10.0293 4328 PNRPsvc - ok
02:45:10.0327 4328 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
02:45:10.0405 4328 PolicyAgent - ok
02:45:10.0479 4328 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
02:45:10.0565 4328 Power - ok
02:45:10.0621 4328 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
02:45:10.0712 4328 PptpMiniport - ok
02:45:10.0752 4328 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
02:45:10.0807 4328 Processor - ok
02:45:10.0862 4328 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
02:45:10.0960 4328 ProfSvc - ok
02:45:10.0976 4328 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
02:45:11.0005 4328 ProtectedStorage - ok
02:45:11.0027 4328 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
02:45:11.0098 4328 Psched - ok
02:45:11.0175 4328 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
02:45:11.0208 4328 PxHlpa64 - ok
02:45:11.0397 4328 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
02:45:11.0505 4328 ql2300 - ok
02:45:11.0523 4328 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
02:45:11.0555 4328 ql40xx - ok
02:45:11.0603 4328 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
02:45:11.0669 4328 QWAVE - ok
02:45:11.0710 4328 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
02:45:11.0775 4328 QWAVEdrv - ok
02:45:11.0800 4328 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
02:45:11.0879 4328 RasAcd - ok
02:45:11.0932 4328 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
02:45:11.0986 4328 RasAgileVpn - ok
02:45:12.0020 4328 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
02:45:12.0101 4328 RasAuto - ok
02:45:12.0130 4328 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
02:45:12.0203 4328 Rasl2tp - ok
02:45:12.0238 4328 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
02:45:12.0310 4328 RasMan - ok
02:45:12.0329 4328 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
02:45:12.0409 4328 RasPppoe - ok
02:45:12.0443 4328 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
02:45:12.0523 4328 RasSstp - ok
02:45:12.0586 4328 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
02:45:12.0682 4328 rdbss - ok
02:45:12.0702 4328 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
02:45:12.0737 4328 rdpbus - ok
02:45:12.0751 4328 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
02:45:12.0830 4328 RDPCDD - ok
02:45:12.0894 4328 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
02:45:12.0976 4328 RDPENCDD - ok
02:45:12.0989 4328 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
02:45:13.0035 4328 RDPREFMP - ok
02:45:13.0058 4328 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
02:45:13.0106 4328 RDPWD - ok
02:45:13.0177 4328 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
02:45:13.0218 4328 rdyboost - ok
02:45:13.0246 4328 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
02:45:13.0335 4328 RemoteAccess - ok
02:45:13.0378 4328 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
02:45:13.0488 4328 RemoteRegistry - ok
02:45:13.0561 4328 [ 6FAF5B04BEDC66D300D9D233B2D222F0 ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys
02:45:13.0651 4328 rimmptsk - ok
02:45:13.0671 4328 [ 67F50C31713106FD1B0F286F86AA2B2E ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys
02:45:13.0748 4328 rimsptsk - ok
02:45:13.0757 4328 [ 4D7EF3D46346EC4C58784DB964B365DE ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
02:45:13.0788 4328 rismxdp - ok
02:45:13.0852 4328 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
02:45:13.0944 4328 RpcEptMapper - ok
02:45:13.0977 4328 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
02:45:14.0000 4328 RpcLocator - ok
02:45:14.0140 4328 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
02:45:14.0199 4328 RpcSs - ok
02:45:14.0291 4328 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
02:45:14.0340 4328 RsFx0103 - ok
02:45:14.0397 4328 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
02:45:14.0476 4328 rspndr - ok
02:45:14.0545 4328 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
02:45:14.0585 4328 RTL8167 - ok
02:45:14.0652 4328 [ 24510C4A77ABA3B07AEFA840DB888637 ] RzSynapse C:\Windows\system32\DRIVERS\RzSynapse.sys
02:45:14.0743 4328 RzSynapse - ok
02:45:14.0756 4328 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
02:45:14.0779 4328 SamSs - ok
02:45:14.0798 4328 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
02:45:14.0830 4328 sbp2port - ok
02:45:14.0870 4328 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
02:45:14.0962 4328 SCardSvr - ok
02:45:14.0992 4328 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
02:45:15.0082 4328 scfilter - ok
02:45:15.0126 4328 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
02:45:15.0255 4328 Schedule - ok
02:45:15.0344 4328 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
02:45:15.0398 4328 SCPolicySvc - ok
02:45:15.0479 4328 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
02:45:15.0533 4328 sdbus - ok
02:45:15.0558 4328 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
02:45:15.0658 4328 SDRSVC - ok
02:45:15.0723 4328 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
02:45:15.0776 4328 secdrv - ok
02:45:15.0795 4328 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
02:45:15.0885 4328 seclogon - ok
02:45:15.0967 4328 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
02:45:16.0057 4328 SENS - ok
02:45:16.0144 4328 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
02:45:16.0236 4328 SensrSvc - ok
02:45:16.0295 4328 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
02:45:16.0357 4328 Serenum - ok
02:45:16.0402 4328 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
02:45:16.0439 4328 Serial - ok
02:45:16.0475 4328 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
02:45:16.0542 4328 sermouse - ok
02:45:16.0591 4328 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
02:45:16.0681 4328 SessionEnv - ok
02:45:16.0911 4328 [ 6E81D09BEBB45D072C077C05567097E8 ] SfCtlCom C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
02:45:17.0005 4328 SfCtlCom - ok
02:45:17.0022 4328 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
02:45:17.0109 4328 sffdisk - ok
02:45:17.0122 4328 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
02:45:17.0180 4328 sffp_mmc - ok
02:45:17.0207 4328 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
02:45:17.0277 4328 sffp_sd - ok
02:45:17.0316 4328 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
02:45:17.0351 4328 sfloppy - ok
02:45:17.0375 4328 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
02:45:17.0474 4328 SharedAccess - ok
02:45:17.0516 4328 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
02:45:17.0603 4328 ShellHWDetection - ok
02:45:17.0662 4328 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
02:45:17.0723 4328 SiSGbeLH - ok
02:45:17.0765 4328 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:45:17.0800 4328 SiSRaid2 - ok
02:45:17.0813 4328 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
02:45:17.0846 4328 SiSRaid4 - ok
02:45:17.0913 4328 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
02:45:18.0085 4328 SkypeUpdate - ok
02:45:18.0095 4328 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
02:45:18.0150 4328 Smb - ok
02:45:18.0405 4328 [ 48BFC901748A6CBDBCADD7991C867060 ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
02:45:18.0500 4328 SmcService - ok
02:45:18.0576 4328 [ 767DE5FFE38B673C03551F50D96EBA0B ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
02:45:18.0604 4328 SNAC - ok
02:45:18.0678 4328 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
02:45:18.0740 4328 SNMPTRAP - ok
02:45:18.0819 4328 [ 2D280B5799F9C143FA7D49E032FBCE46 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
02:45:18.0944 4328 SNP2UVC - ok
02:45:19.0027 4328 [ 5F9785E7535F8F602CB294A54962C9E7 ] speedfan C:\Windows\syswow64\speedfan.sys
02:45:19.0054 4328 speedfan - ok
02:45:19.0067 4328 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
02:45:19.0097 4328 spldr - ok
02:45:19.0165 4328 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
02:45:19.0236 4328 Spooler - ok
02:45:19.0326 4328 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
02:45:19.0513 4328 sppsvc - ok
02:45:19.0548 4328 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
02:45:19.0643 4328 sppuinotify - ok
02:45:19.0803 4328 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
02:45:19.0804 4328 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
02:45:19.0806 4328 sptd ( LockedFile.Multi.Generic ) - warning
02:45:19.0806 4328 sptd - detected LockedFile.Multi.Generic (1)
02:45:19.0908 4328 [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLEXPRESS C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
02:45:19.0957 4328 SQLAgent$SQLEXPRESS - ok
02:45:20.0107 4328 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
02:45:20.0178 4328 SQLBrowser - ok
02:45:20.0226 4328 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
02:45:20.0264 4328 SQLWriter - ok
02:45:20.0395 4328 [ B531FC8918DCDAAE638511A123C3465E ] SRTSP C:\Windows\system32\Drivers\SRTSP64.SYS
02:45:20.0435 4328 SRTSP - ok
02:45:20.0472 4328 [ 2BD3A73D0601320B72486FC3EBC2544F ] SRTSPL C:\Windows\system32\Drivers\SRTSPL64.SYS
02:45:20.0550 4328 SRTSPL - ok
02:45:20.0567 4328 [ 529B337C1AEEB289F0B502EB0EE6A8F5 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX64.SYS
02:45:20.0593 4328 SRTSPX - ok
02:45:20.0681 4328 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
02:45:20.0783 4328 srv - ok
02:45:20.0840 4328 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
02:45:20.0922 4328 srv2 - ok
02:45:20.0964 4328 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
02:45:21.0030 4328 srvnet - ok
02:45:21.0086 4328 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
02:45:21.0172 4328 SSDPSRV - ok
02:45:21.0193 4328 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
02:45:21.0246 4328 SstpSvc - ok
02:45:21.0349 4328 Steam Client Service - ok
02:45:21.0518 4328 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
02:45:21.0562 4328 Stereo Service - ok
02:45:21.0593 4328 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
02:45:21.0639 4328 stexstor - ok
02:45:21.0712 4328 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
02:45:21.0793 4328 StillCam - ok
02:45:21.0880 4328 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
02:45:21.0953 4328 stisvc - ok
02:45:21.0992 4328 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
02:45:22.0028 4328 swenum - ok
02:45:22.0107 4328 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
02:45:22.0225 4328 swprv - ok
02:45:22.0442 4328 [ D880FBD65B6F4885AC89628225B91398 ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
02:45:22.0512 4328 Symantec AntiVirus - ok
02:45:22.0604 4328 [ D1F1A5E72E33D6BE449F5F1F4A513DD1 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
02:45:22.0657 4328 SymEvent - ok
02:45:22.0732 4328 [ BE7311DA9D6833FA69ED04B744A1C8F8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
02:45:22.0778 4328 SynTP - ok
02:45:22.0974 4328 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
02:45:23.0102 4328 SysMain - ok
02:45:23.0126 4328 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
02:45:23.0166 4328 TabletInputService - ok
02:45:23.0220 4328 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
02:45:23.0345 4328 TapiSrv - ok
02:45:23.0419 4328 [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD ] tapoas C:\Windows\system32\DRIVERS\tapoas.sys
02:45:23.0518 4328 tapoas - ok
02:45:23.0535 4328 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
02:45:23.0585 4328 TBS - ok
02:45:23.0714 4328 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
02:45:23.0836 4328 Tcpip - ok
02:45:23.0932 4328 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
02:45:23.0985 4328 TCPIP6 - ok
02:45:24.0009 4328 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
02:45:24.0078 4328 tcpipreg - ok
02:45:24.0118 4328 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
02:45:24.0207 4328 TDPIPE - ok
02:45:24.0231 4328 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
02:45:24.0277 4328 TDTCP - ok
02:45:24.0327 4328 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
02:45:24.0373 4328 tdx - ok
02:45:24.0472 4328 [ EF6CCF8B483201F7196D83FC136FA43A ] Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys
02:45:24.0490 4328 Teefer2 - ok
02:45:24.0514 4328 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
02:45:24.0536 4328 TermDD - ok
02:45:24.0622 4328 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
02:45:24.0790 4328 TermService - ok
02:45:24.0827 4328 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
02:45:24.0893 4328 Themes - ok
02:45:24.0936 4328 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
02:45:24.0995 4328 THREADORDER - ok
02:45:25.0099 4328 [ 963C903E5176C5CDCAE321D48635B21F ] TMBMServer C:\Program Files\Trend Micro\BM\TMBMSRV.exe
02:45:25.0131 4328 TMBMServer - ok
02:45:25.0239 4328 [ 1E051F36680AA502EADAE4F0F7069091 ] tmpreflt C:\Windows\system32\DRIVERS\tmpreflt.sys
02:45:25.0294 4328 tmpreflt - ok
02:45:25.0507 4328 [ 3AE913B4FBF06EE49831FF9DB2330830 ] TmProxy C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
02:45:25.0560 4328 TmProxy - ok
02:45:25.0632 4328 [ 21CC12B7F8B44E91D03EAD5B17AAF0B2 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
02:45:25.0654 4328 tmtdi - ok
02:45:25.0693 4328 [ BB2C72500AE87AA178CF97674F210F21 ] tmxpflt C:\Windows\system32\DRIVERS\tmxpflt.sys
TDSSKiller.2.8.16.0_24.03.2013_03.37.23_log.txt

 
03:37:23.0321 6892 TDSS rootkit removing tool 2.8.16.0 Mar 21 2013 15:53:02
03:37:23.0587 6892 ============================================================
03:37:23.0587 6892 Current date / time: 2013/03/24 03:37:23.0587
03:37:23.0587 6892 SystemInfo:
03:37:23.0587 6892
03:37:23.0587 6892 OS Version: 6.1.7601 ServicePack: 1.0
03:37:23.0587 6892 Product type: Workstation
03:37:23.0587 6892 ComputerName: MATTHEW-PC
03:37:23.0587 6892 UserName: Matthew
03:37:23.0587 6892 Windows directory: C:\Windows
03:37:23.0587 6892 System windows directory: C:\Windows
03:37:23.0587 6892 Running under WOW64
03:37:23.0588 6892 Processor architecture: Intel x64
03:37:23.0588 6892 Number of processors: 4
03:37:23.0588 6892 Page size: 0x1000
03:37:23.0588 6892 Boot type: Normal boot
03:37:23.0588 6892 ============================================================
03:37:23.0818 6892 BG loaded
03:37:24.0348 6892 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:37:24.0389 6892 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:37:24.0402 6892 ============================================================
03:37:24.0402 6892 \Device\Harddisk0\DR0:
03:37:24.0403 6892 MBR partitions:
03:37:24.0403 6892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4B800, BlocksNum 0x236E2800
03:37:24.0403 6892 \Device\Harddisk1\DR1:
03:37:24.0403 6892 MBR partitions:
03:37:24.0403 6892 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A16800
03:37:24.0403 6892 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x12A17000, BlocksNum 0x12A166C1
03:37:24.0403 6892 ============================================================
03:37:24.0439 6892 C: <-> \Device\Harddisk0\DR0\Partition1
03:37:24.0465 6892 D: <-> \Device\Harddisk1\DR1\Partition1
03:37:24.0504 6892 F: <-> \Device\Harddisk1\DR1\Partition2
03:37:24.0504 6892 ============================================================
03:37:24.0504 6892 Initialize success
03:37:24.0504 6892 ============================================================
03:37:25.0927 1152 ============================================================
03:37:25.0927 1152 Scan started
03:37:25.0927 1152 Mode: Manual;
03:37:25.0927 1152 ============================================================
03:37:26.0681 1152 ================ Scan system memory ========================
03:37:26.0681 1152 System memory - ok
03:37:26.0681 1152 ================ Scan services =============================
03:37:39.0179 1152 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
03:37:39.0182 1152 msisadrv - ok
03:37:39.0243 1152 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
03:37:39.0250 1152 MSiSCSI - ok
03:37:39.0255 1152 msiserver - ok
03:37:39.0305 1152 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
03:37:39.0308 1152 MSKSSRV - ok
03:37:39.0359 1152 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
03:37:39.0362 1152 MSPCLOCK - ok
03:37:39.0371 1152 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
03:37:39.0373 1152 MSPQM - ok
03:37:39.0433 1152 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
03:37:39.0440 1152 MsRPC - ok
03:37:39.0454 1152 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
03:37:39.0455 1152 mssmbios - ok
03:37:39.0547 1152 MSSQL$MSSMLBIZ - ok
03:37:39.0637 1152 MSSQL$SQLEXPRESS - ok
03:37:39.0675 1152 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
03:37:39.0695 1152 MSSQLServerADHelper - ok
03:37:39.0743 1152 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
03:37:39.0756 1152 MSSQLServerADHelper100 - ok
03:37:39.0770 1152 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
03:37:39.0773 1152 MSTEE - ok
03:37:39.0782 1152 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
03:37:39.0783 1152 MTConfig - ok
03:37:39.0842 1152 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
03:37:39.0843 1152 MTsensor - ok
03:37:39.0896 1152 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
03:37:39.0899 1152 Mup - ok
03:37:40.0014 1152 [ AB452EB22B48D618AED418E330B5C2A9 ] NACAgent C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
03:37:40.0024 1152 NACAgent - ok
03:37:40.0058 1152 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
03:37:40.0075 1152 napagent - ok
03:37:40.0140 1152 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
03:37:40.0147 1152 NativeWifiP - ok
03:37:40.0295 1152 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130323.008\ENG64.SYS
03:37:40.0313 1152 NAVENG - ok
03:37:40.0383 1152 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130323.008\EX64.SYS
03:37:40.0484 1152 NAVEX15 - ok
03:37:40.0561 1152 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
03:37:40.0569 1152 NDIS - ok
03:37:40.0610 1152 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
03:37:40.0612 1152 NdisCap - ok
03:37:40.0667 1152 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
03:37:40.0670 1152 NdisTapi - ok
03:37:40.0732 1152 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
03:37:40.0735 1152 Ndisuio - ok
03:37:40.0757 1152 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
03:37:40.0762 1152 NdisWan - ok
03:37:40.0787 1152 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
03:37:40.0790 1152 NDProxy - ok
03:37:40.0871 1152 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
03:37:40.0874 1152 Net Driver HPZ12 - ok
03:37:40.0886 1152 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
03:37:40.0889 1152 NetBIOS - ok
03:37:40.0916 1152 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
03:37:40.0946 1152 NetBT - ok
03:37:40.0957 1152 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
03:37:40.0960 1152 Netlogon - ok
03:37:40.0983 1152 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
03:37:40.0989 1152 Netman - ok
03:37:41.0012 1152 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:37:41.0025 1152 NetMsmqActivator - ok
03:37:41.0054 1152 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:37:41.0056 1152 NetPipeActivator - ok
03:37:41.0095 1152 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
03:37:41.0112 1152 netprofm - ok
03:37:41.0117 1152 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:37:41.0119 1152 NetTcpActivator - ok
03:37:41.0124 1152 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:37:41.0126 1152 NetTcpPortSharing - ok
03:37:41.0183 1152 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
03:37:41.0184 1152 nfrd960 - ok
03:37:41.0257 1152 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
03:37:41.0265 1152 NlaSvc - ok
03:37:41.0348 1152 Norton PC Checkup Application Launcher - ok
03:37:41.0364 1152 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
03:37:41.0367 1152 Npfs - ok
03:37:41.0373 1152 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
03:37:41.0378 1152 nsi - ok
03:37:41.0391 1152 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
03:37:41.0393 1152 nsiproxy - ok
03:37:41.0454 1152 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
03:37:41.0498 1152 Ntfs - ok
03:37:41.0505 1152 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
03:37:41.0507 1152 Null - ok
03:37:41.0785 1152 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
03:37:41.0874 1152 nvlddmkm - ok
03:37:41.0935 1152 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
03:37:41.0936 1152 nvraid - ok
03:37:41.0973 1152 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
03:37:41.0975 1152 nvstor - ok
03:37:42.0054 1152 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe
03:37:42.0080 1152 nvsvc - ok
03:37:42.0186 1152 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
03:37:42.0285 1152 nvUpdatusService - ok
03:37:42.0302 1152 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
03:37:42.0303 1152 nv_agp - ok
03:37:42.0398 1152 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
03:37:42.0440 1152 odserv - ok
03:37:42.0457 1152 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
03:37:42.0460 1152 ohci1394 - ok
03:37:42.0520 1152 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:37:42.0582 1152 ose - ok
03:37:42.0638 1152 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
03:37:42.0644 1152 p2pimsvc - ok
03:37:42.0666 1152 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
03:37:42.0683 1152 p2psvc - ok
03:37:42.0707 1152 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
03:37:42.0710 1152 Parport - ok
03:37:42.0733 1152 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
03:37:42.0736 1152 partmgr - ok
03:37:42.0749 1152 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
03:37:42.0755 1152 PcaSvc - ok
03:37:42.0821 1152 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe
03:37:42.0824 1152 PCCUJobMgr - ok
03:37:42.0842 1152 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
03:37:42.0847 1152 pci - ok
03:37:42.0857 1152 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
03:37:42.0860 1152 pciide - ok
03:37:42.0881 1152 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
03:37:42.0886 1152 pcmcia - ok
03:37:42.0958 1152 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
03:37:42.0960 1152 pcouffin - ok
03:37:42.0975 1152 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
03:37:42.0978 1152 pcw - ok
03:37:43.0007 1152 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
03:37:43.0017 1152 PEAUTH - ok
03:37:43.0072 1152 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
03:37:43.0094 1152 PerfHost - ok
03:37:43.0147 1152 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
03:37:43.0181 1152 pla - ok
03:37:43.0257 1152 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
03:37:43.0267 1152 PlugPlay - ok
03:37:43.0348 1152 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
03:37:43.0351 1152 Pml Driver HPZ12 - ok
03:37:43.0372 1152 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
03:37:43.0378 1152 PNRPAutoReg - ok
03:37:43.0397 1152 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
03:37:43.0403 1152 PNRPsvc - ok
03:37:43.0422 1152 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
03:37:43.0427 1152 PolicyAgent - ok
03:37:43.0455 1152 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
03:37:43.0461 1152 Power - ok
03:37:43.0531 1152 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
03:37:43.0534 1152 PptpMiniport - ok
03:37:43.0555 1152 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
03:37:43.0558 1152 Processor - ok
03:37:43.0629 1152 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
03:37:43.0635 1152 ProfSvc - ok
03:37:43.0646 1152 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
03:37:43.0650 1152 ProtectedStorage - ok
03:37:43.0673 1152 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
03:37:43.0674 1152 Psched - ok
03:37:43.0746 1152 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
03:37:43.0747 1152 PxHlpa64 - ok
03:37:43.0795 1152 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
03:37:43.0829 1152 ql2300 - ok
03:37:43.0847 1152 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
03:37:43.0849 1152 ql40xx - ok
03:37:43.0877 1152 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
03:37:43.0886 1152 QWAVE - ok
03:37:43.0902 1152 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
03:37:43.0906 1152 QWAVEdrv - ok
03:37:43.0918 1152 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
03:37:43.0920 1152 RasAcd - ok
03:37:43.0951 1152 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
03:37:43.0954 1152 RasAgileVpn - ok
03:37:43.0973 1152 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
03:37:43.0980 1152 RasAuto - ok
03:37:44.0001 1152 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
03:37:44.0004 1152 Rasl2tp - ok
03:37:44.0059 1152 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
03:37:44.0076 1152 RasMan - ok
03:37:44.0092 1152 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
03:37:44.0095 1152 RasPppoe - ok
03:37:44.0107 1152 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
03:37:44.0111 1152 RasSstp - ok
03:37:44.0143 1152 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
03:37:44.0149 1152 rdbss - ok
03:37:44.0160 1152 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
03:37:44.0161 1152 rdpbus - ok
03:37:44.0175 1152 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
03:37:44.0178 1152 RDPCDD - ok
03:37:44.0235 1152 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
03:37:44.0237 1152 RDPENCDD - ok
03:37:44.0249 1152 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
03:37:44.0251 1152 RDPREFMP - ok
03:37:44.0277 1152 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
03:37:44.0282 1152 RDPWD - ok
03:37:44.0346 1152 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
03:37:44.0351 1152 rdyboost - ok
03:37:44.0373 1152 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
03:37:44.0379 1152 RemoteAccess - ok
03:37:44.0390 1152 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
03:37:44.0400 1152 RemoteRegistry - ok
03:37:44.0458 1152 [ 6FAF5B04BEDC66D300D9D233B2D222F0 ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys
03:37:44.0459 1152 rimmptsk - ok
03:37:44.0468 1152 [ 67F50C31713106FD1B0F286F86AA2B2E ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys
03:37:44.0470 1152 rimsptsk - ok
03:37:44.0481 1152 [ 4D7EF3D46346EC4C58784DB964B365DE ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
03:37:44.0482 1152 rismxdp - ok
03:37:44.0533 1152 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
03:37:44.0538 1152 RpcEptMapper - ok
03:37:44.0559 1152 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
03:37:44.0570 1152 RpcLocator - ok
03:37:44.0598 1152 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
03:37:44.0605 1152 RpcSs - ok
03:37:44.0680 1152 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
03:37:44.0685 1152 RsFx0103 - ok
03:37:44.0707 1152 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
03:37:44.0710 1152 rspndr - ok
03:37:44.0772 1152 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
03:37:44.0775 1152 RTL8167 - ok
03:37:44.0855 1152 [ 24510C4A77ABA3B07AEFA840DB888637 ] RzSynapse C:\Windows\system32\DRIVERS\RzSynapse.sys
03:37:44.0857 1152 RzSynapse - ok
03:37:44.0862 1152 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
03:37:44.0866 1152 SamSs - ok
03:37:44.0962 1152 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
03:37:44.0963 1152 SASDIFSV - ok
03:37:45.0024 1152 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
03:37:45.0025 1152 SASKUTIL - ok
03:37:45.0050 1152 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
03:37:45.0051 1152 sbp2port - ok
03:37:45.0081 1152 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
03:37:45.0091 1152 SCardSvr - ok
03:37:45.0112 1152 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
03:37:45.0114 1152 scfilter - ok
03:37:45.0153 1152 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
03:37:45.0188 1152 Schedule - ok
03:37:45.0208 1152 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
03:37:45.0210 1152 SCPolicySvc - ok
03:37:45.0269 1152 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
03:37:45.0272 1152 sdbus - ok
03:37:45.0299 1152 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
03:37:45.0308 1152 SDRSVC - ok
03:37:45.0461 1152 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
03:37:45.0470 1152 SDScannerService - ok
03:37:45.0536 1152 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
03:37:45.0546 1152 SDUpdateService - ok
03:37:45.0603 1152 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
03:37:45.0607 1152 SDWSCService - ok
03:37:45.0670 1152 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
03:37:45.0673 1152 secdrv - ok
03:37:45.0701 1152 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
03:37:45.0707 1152 seclogon - ok
03:37:45.0773 1152 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
03:37:45.0779 1152 SENS - ok
03:37:45.0794 1152 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
03:37:45.0800 1152 SensrSvc - ok
03:37:45.0854 1152 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
03:37:45.0857 1152 Serenum - ok
03:37:45.0911 1152 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
03:37:45.0915 1152 Serial - ok
03:37:45.0943 1152 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
03:37:45.0946 1152 sermouse - ok
03:37:45.0976 1152 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
03:37:45.0993 1152 SessionEnv - ok
03:37:46.0099 1152 [ 6E81D09BEBB45D072C077C05567097E8 ] SfCtlCom C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
03:37:46.0106 1152 SfCtlCom - ok
03:37:46.0119 1152 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
03:37:46.0122 1152 sffdisk - ok
03:37:46.0136 1152 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
03:37:46.0139 1152 sffp_mmc - ok
03:37:46.0147 1152 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
03:37:46.0150 1152 sffp_sd - ok
03:37:46.0166 1152 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
03:37:46.0168 1152 sfloppy - ok
03:37:46.0233 1152 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
03:37:46.0250 1152 SharedAccess - ok
03:37:46.0275 1152 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
03:37:46.0289 1152 ShellHWDetection - ok
03:37:46.0338 1152 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
03:37:46.0340 1152 SiSGbeLH - ok
03:37:46.0400 1152 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
03:37:46.0401 1152 SiSRaid2 - ok
03:37:46.0424 1152 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
03:37:46.0425 1152 SiSRaid4 - ok
03:37:46.0488 1152 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
03:37:46.0666 1152 SkypeUpdate - ok
03:37:46.0674 1152 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
03:37:46.0676 1152 Smb - ok
03:37:46.0823 1152 [ 48BFC901748A6CBDBCADD7991C867060 ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
03:37:46.0891 1152 SmcService - ok
03:37:46.0955 1152 [ 767DE5FFE38B673C03551F50D96EBA0B ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
03:37:46.0987 1152 SNAC - ok
03:37:47.0057 1152 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
03:37:47.0062 1152 SNMPTRAP - ok
03:37:47.0149 1152 [ 2D280B5799F9C143FA7D49E032FBCE46 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
03:37:47.0163 1152 SNP2UVC - ok
03:37:47.0241 1152 [ 5F9785E7535F8F602CB294A54962C9E7 ] speedfan C:\Windows\syswow64\speedfan.sys
03:37:47.0247 1152 speedfan - ok
03:37:47.0265 1152 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
03:37:47.0267 1152 spldr - ok
03:37:47.0297 1152 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
03:37:47.0306 1152 Spooler - ok
03:37:47.0392 1152 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
03:37:47.0464 1152 sppsvc - ok
03:37:47.0481 1152 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
03:37:47.0488 1152 sppuinotify - ok
03:37:47.0588 1152 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
03:37:47.0589 1152 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
03:37:47.0591 1152 sptd ( LockedFile.Multi.Generic ) - warning
03:37:47.0591 1152 sptd - detected LockedFile.Multi.Generic (1)
 
 
TDSSKiller.2.8.16.0_24.03.2013_04.09.51_log.txt

04:09:51.0736 5356 TDSS rootkit removing tool 2.8.16.0 Mar 21 2013 15:53:02
04:09:52.0275 5356 ============================================================
04:09:52.0275 5356 Current date / time: 2013/03/24 04:09:52.0275
04:09:52.0276 5356 SystemInfo:
04:09:52.0276 5356
04:09:52.0276 5356 OS Version: 6.1.7601 ServicePack: 1.0
04:09:52.0276 5356 Product type: Workstation
04:09:52.0276 5356 ComputerName: MATTHEW-PC
04:09:52.0276 5356 UserName: Matthew
04:09:52.0276 5356 Windows directory: C:\Windows
04:09:52.0276 5356 System windows directory: C:\Windows
04:09:52.0276 5356 Running under WOW64
04:09:52.0276 5356 Processor architecture: Intel x64
04:09:52.0276 5356 Number of processors: 4
04:09:52.0276 5356 Page size: 0x1000
04:09:52.0276 5356 Boot type: Normal boot
04:09:52.0276 5356 ============================================================
04:09:53.0110 5356 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:09:53.0330 5356 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:09:53.0404 5356 ============================================================
04:09:53.0404 5356 \Device\Harddisk0\DR0:
04:09:53.0404 5356 MBR partitions:
04:09:53.0404 5356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4B800, BlocksNum 0x236E2800
04:09:53.0404 5356 \Device\Harddisk1\DR1:
04:09:53.0405 5356 MBR partitions:
04:09:53.0405 5356 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A16800
04:09:53.0405 5356 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x12A17000, BlocksNum 0x12A166C1
04:09:53.0405 5356 ============================================================
04:09:53.0497 5356 C: <-> \Device\Harddisk0\DR0\Partition1
04:09:53.0520 5356 D: <-> \Device\Harddisk1\DR1\Partition1
04:09:53.0559 5356 F: <-> \Device\Harddisk1\DR1\Partition2
04:09:53.0559 5356 ============================================================
04:09:53.0559 5356 Initialize success
04:09:53.0559 5356 ============================================================
04:10:12.0315 3832 ============================================================
04:10:12.0315 3832 Scan started
04:10:12.0315 3832 Mode: Manual; SigCheck; TDLFS;
04:10:12.0315 3832 ============================================================
04:10:12.0886 3832 ================ Scan system memory ========================
04:10:12.0886 3832 System memory - ok
04:10:12.0887 3832 ================ Scan services =============================
04:10:12.0962 3832 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
04:10:13.0021 3832 !SASCORE - ok
04:10:13.0378 3832 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
04:10:13.0473 3832 1394ohci - ok
04:10:13.0532 3832 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
04:10:13.0560 3832 ACPI - ok
04:10:13.0592 3832 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
04:10:13.0732 3832 AcpiPmi - ok
04:10:13.0806 3832 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
04:10:13.0832 3832 adfs - ok
04:10:14.0068 3832 [ 57A3B9A69F14414ACE12AFD6BA701773 ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
04:10:14.0124 3832 Adobe Version Cue CS4 - ok
04:10:14.0199 3832 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
04:10:14.0231 3832 adp94xx - ok
04:10:14.0256 3832 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
04:10:14.0284 3832 adpahci - ok
04:10:14.0291 3832 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
04:10:14.0314 3832 adpu320 - ok
04:10:14.0364 3832 [ C0BF554D2277F7A4C735D475ADE2E3B2 ] ADSMService C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
04:10:14.0434 3832 ADSMService ( UnsignedFile.Multi.Generic ) - warning
04:10:14.0434 3832 ADSMService - detected UnsignedFile.Multi.Generic (1)
04:10:14.0475 3832 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
04:10:14.0708 3832 AeLookupSvc - ok
04:10:14.0733 3832 [ 114C042FF784B4C5670290A661799357 ] AFBAgent C:\Windows\system32\FBAgent.exe
04:10:14.0759 3832 AFBAgent - ok
04:10:14.0798 3832 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
04:10:14.0895 3832 AFD - ok
04:10:14.0924 3832 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
04:10:14.0945 3832 agp440 - ok
04:10:15.0004 3832 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
04:10:15.0087 3832 ALG - ok
04:10:15.0162 3832 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
04:10:15.0182 3832 aliide - ok
04:10:15.0193 3832 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
04:10:15.0213 3832 amdide - ok
04:10:15.0248 3832 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
04:10:15.0325 3832 AmdK8 - ok
04:10:15.0343 3832 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
04:10:15.0395 3832 AmdPPM - ok
04:10:15.0434 3832 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
04:10:15.0461 3832 amdsata - ok
04:10:15.0480 3832 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
04:10:15.0503 3832 amdsbs - ok
04:10:15.0525 3832 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
04:10:15.0546 3832 amdxata - ok
04:10:15.0566 3832 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
04:10:15.0773 3832 AppID - ok
04:10:15.0796 3832 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
04:10:15.0843 3832 AppIDSvc - ok
04:10:15.0874 3832 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
04:10:15.0944 3832 Appinfo - ok
04:10:16.0039 3832 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
04:10:16.0111 3832 Apple Mobile Device - ok
04:10:16.0279 3832 [ 5234837DFEC4092E235594B25CF02865 ] Application Updater C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
04:10:16.0318 3832 Application Updater - ok
04:10:16.0404 3832 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
04:10:16.0426 3832 arc - ok
04:10:16.0439 3832 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
04:10:16.0461 3832 arcsas - ok
04:10:16.0488 3832 [ 88FBC8BEBFD38566235EAA5E4DBC4E05 ] AsDsm C:\Windows\system32\drivers\AsDsm.sys
04:10:16.0506 3832 AsDsm - ok
04:10:16.0621 3832 ASInsHelp - ok
04:10:16.0673 3832 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
04:10:16.0712 3832 ASLDRService - ok
04:10:16.0818 3832 [ 2DB34EDD17D3A8DA7105A19C95A3DD68 ] ASMMAP64 C:\Program Files\ATKGFNEX\ASMMAP64.sys
04:10:16.0835 3832 ASMMAP64 - ok
04:10:16.0959 3832 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
04:10:16.0995 3832 aspnet_state - ok
04:10:17.0052 3832 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
04:10:17.0174 3832 AsyncMac - ok
04:10:17.0232 3832 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
04:10:17.0253 3832 atapi - ok
04:10:17.0293 3832 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
04:10:17.0412 3832 athr - ok
04:10:17.0419 3832 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
04:10:17.0470 3832 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
04:10:17.0470 3832 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
04:10:17.0516 3832 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
04:10:17.0627 3832 AudioEndpointBuilder - ok
04:10:17.0672 3832 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
04:10:17.0745 3832 AudioSrv - ok
04:10:17.0807 3832 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
04:10:17.0917 3832 AxInstSV - ok
04:10:17.0950 3832 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
04:10:18.0031 3832 b06bdrv - ok
04:10:18.0069 3832 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
04:10:18.0099 3832 b57nd60a - ok
04:10:18.0200 3832 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
04:10:18.0262 3832 BcmSqlStartupSvc - ok
04:10:18.0328 3832 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
04:10:18.0402 3832 BDESVC - ok
04:10:18.0425 3832 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
04:10:18.0538 3832 Beep - ok
04:10:18.0603 3832 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
04:10:18.0692 3832 BFE - ok
04:10:18.0790 3832 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
04:10:18.0901 3832 BITS - ok
04:10:18.0927 3832 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
04:10:18.0976 3832 blbdrive - ok
04:10:19.0084 3832 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
04:10:19.0110 3832 Bonjour Service - ok
04:10:19.0141 3832 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
04:10:19.0225 3832 bowser - ok
04:10:19.0243 3832 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
04:10:19.0344 3832 BrFiltLo - ok
04:10:19.0361 3832 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
04:10:19.0384 3832 BrFiltUp - ok
04:10:19.0472 3832 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
04:10:19.0542 3832 BridgeMP - ok
04:10:19.0641 3832 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
04:10:19.0718 3832 Browser - ok
04:10:19.0737 3832 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
04:10:19.0813 3832 Brserid - ok
04:10:19.0872 3832 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
04:10:19.0921 3832 BrSerWdm - ok
04:10:19.0956 3832 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
04:10:20.0007 3832 BrUsbMdm - ok
04:10:20.0037 3832 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
04:10:20.0060 3832 BrUsbSer - ok
04:10:20.0077 3832 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
04:10:20.0134 3832 BTHMODEM - ok
04:10:20.0186 3832 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
04:10:20.0256 3832 bthserv - ok
04:10:20.0287 3832 catchme - ok
04:10:20.0350 3832 [ 5E68928BA2412E60FF1C61441313CF8D ] ccEvtMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
04:10:20.0375 3832 ccEvtMgr - ok
04:10:20.0389 3832 [ 5E68928BA2412E60FF1C61441313CF8D ] ccSetMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
04:10:20.0425 3832 ccSetMgr - ok
04:10:20.0482 3832 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
04:10:20.0558 3832 cdfs - ok
04:10:20.0594 3832 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
04:10:20.0646 3832 cdrom - ok
04:10:20.0695 3832 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
04:10:20.0799 3832 CertPropSvc - ok
04:10:20.0840 3832 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
04:10:20.0871 3832 circlass - ok
04:10:20.0930 3832 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
04:10:20.0967 3832 CLFS - ok
04:10:21.0160 3832 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:10:21.0210 3832 clr_optimization_v2.0.50727_32 - ok
04:10:21.0251 3832 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
04:10:21.0272 3832 clr_optimization_v2.0.50727_64 - ok
04:10:21.0403 3832 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:10:21.0429 3832 clr_optimization_v4.0.30319_32 - ok
04:10:21.0441 3832 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
04:10:21.0462 3832 clr_optimization_v4.0.30319_64 - ok
04:10:21.0476 3832 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
04:10:21.0521 3832 CmBatt - ok
04:10:21.0575 3832 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
04:10:21.0595 3832 cmdide - ok
04:10:21.0644 3832 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
04:10:21.0680 3832 CNG - ok
04:10:21.0686 3832 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
04:10:21.0707 3832 Compbatt - ok
04:10:21.0778 3832 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
04:10:21.0828 3832 CompositeBus - ok
04:10:21.0838 3832 COMSysApp - ok
04:10:21.0875 3832 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
04:10:21.0896 3832 crcdisk - ok
04:10:21.0927 3832 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
04:10:21.0973 3832 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
04:10:21.0973 3832 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
04:10:22.0047 3832 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
04:10:22.0092 3832 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
04:10:22.0092 3832 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
04:10:22.0172 3832 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
04:10:22.0261 3832 CryptSvc - ok
04:10:22.0288 3832 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
04:10:22.0374 3832 DcomLaunch - ok
04:10:22.0444 3832 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
04:10:22.0545 3832 defragsvc - ok
04:10:22.0593 3832 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
04:10:22.0666 3832 DfsC - ok
04:10:22.0711 3832 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
04:10:22.0792 3832 Dhcp - ok
04:10:22.0813 3832 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
04:10:22.0890 3832 discache - ok
04:10:22.0923 3832 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
04:10:22.0944 3832 Disk - ok
04:10:22.0993 3832 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
04:10:23.0028 3832 Dnscache - ok
04:10:23.0057 3832 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
04:10:23.0131 3832 dot3svc - ok
04:10:23.0225 3832 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
04:10:23.0272 3832 Dot4 - ok
04:10:23.0335 3832 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
04:10:23.0382 3832 Dot4Print - ok
04:10:23.0424 3832 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
04:10:23.0480 3832 dot4usb - ok
04:10:23.0514 3832 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
04:10:23.0590 3832 DPS - ok
04:10:23.0655 3832 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
04:10:23.0678 3832 drmkaud - ok
04:10:23.0767 3832 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
04:10:23.0810 3832 DXGKrnl - ok
04:10:23.0839 3832 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
04:10:23.0888 3832 EapHost - ok
04:10:24.0238 3832 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
04:10:24.0383 3832 ebdrv - ok
04:10:24.0549 3832 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
04:10:24.0581 3832 eeCtrl - ok
04:10:24.0603 3832 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
04:10:24.0703 3832 EFS - ok
04:10:24.0814 3832 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
04:10:24.0924 3832 ehRecvr - ok
04:10:24.0947 3832 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
04:10:25.0030 3832 ehSched - ok
04:10:25.0053 3832 [ 343ADA10D948DB29251F2D9C809AF204 ] EIO64 C:\Windows\system32\DRIVERS\EIO64.sys
04:10:25.0123 3832 EIO64 - ok
04:10:25.0186 3832 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
04:10:25.0221 3832 elxstor - ok
04:10:25.0276 3832 [ 5E68928BA2412E60FF1C61441313CF8D ] EraserSvc11220 C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
04:10:25.0300 3832 EraserSvc11220 - ok
04:10:25.0403 3832 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
04:10:25.0422 3832 EraserUtilRebootDrv - ok
04:10:25.0441 3832 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
04:10:25.0485 3832 ErrDev - ok
04:10:25.0518 3832 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
04:10:25.0597 3832 EventSystem - ok
04:10:25.0628 3832 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
04:10:25.0701 3832 exfat - ok
04:10:25.0751 3832 [ F7A7DA530618C3700A449FE7971DB924 ] ezplay C:\Windows\system32\Drivers\ezplay.sys
04:10:25.0782 3832 ezplay - ok
04:10:25.0811 3832 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
04:10:25.0888 3832 fastfat - ok
04:10:25.0983 3832 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
04:10:26.0096 3832 Fax - ok
04:10:26.0114 3832 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
04:10:26.0164 3832 fdc - ok
04:10:26.0204 3832 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
04:10:26.0252 3832 fdPHost - ok
04:10:26.0259 3832 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
04:10:26.0306 3832 FDResPub - ok
04:10:26.0327 3832 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
04:10:26.0348 3832 FileInfo - ok
04:10:26.0364 3832 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
04:10:26.0439 3832 Filetrace - ok
04:10:26.0595 3832 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
04:10:26.0665 3832 FLEXnet Licensing Service - ok
04:10:26.0833 3832 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
04:10:26.0884 3832 FLEXnet Licensing Service 64 - ok
04:10:26.0900 3832 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
04:10:26.0927 3832 flpydisk - ok
04:10:26.0980 3832 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
04:10:27.0012 3832 FltMgr - ok
04:10:27.0072 3832 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
04:10:27.0141 3832 FontCache - ok
04:10:27.0184 3832 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
04:10:27.0203 3832 FontCache3.0.0.0 - ok
04:10:27.0239 3832 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
04:10:27.0261 3832 FsDepends - ok
04:10:27.0344 3832 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
04:10:27.0366 3832 fssfltr - ok
04:10:27.0485 3832 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
04:10:27.0605 3832 fsssvc - ok
04:10:27.0631 3832 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
04:10:27.0651 3832 Fs_Rec - ok
04:10:27.0677 3832 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
04:10:27.0711 3832 fvevol - ok
04:10:27.0745 3832 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
04:10:27.0766 3832 gagp30kx - ok
04:10:27.0827 3832 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
04:10:27.0844 3832 GEARAspiWDM - ok
04:10:27.0892 3832 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
04:10:28.0006 3832 gpsvc - ok
04:10:28.0092 3832 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:10:28.0142 3832 gupdate - ok
04:10:28.0184 3832 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:10:28.0220 3832 gupdatem - ok
04:10:28.0288 3832 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
04:10:28.0307 3832 hamachi - ok
04:10:28.0318 3832 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
04:10:28.0399 3832 hcw85cir - ok
04:10:28.0435 3832 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
04:10:28.0495 3832 HdAudAddService - ok
04:10:28.0536 3832 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
04:10:28.0598 3832 HDAudBus - ok
04:10:28.0629 3832 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
04:10:28.0655 3832 HidBatt - ok
04:10:28.0683 3832 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
04:10:28.0750 3832 HidBth - ok
04:10:28.0779 3832 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
04:10:28.0836 3832 HidIr - ok
04:10:28.0872 3832 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
04:10:28.0958 3832 hidserv - ok
04:10:28.0992 3832 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
04:10:29.0020 3832 HidUsb - ok
04:10:29.0049 3832 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
04:10:29.0117 3832 hkmsvc - ok
04:10:29.0146 3832 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
04:10:29.0223 3832 HomeGroupListener - ok
04:10:29.0255 3832 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
04:10:29.0324 3832 HomeGroupProvider - ok
04:10:29.0494 3832 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
04:10:29.0521 3832 hpqcxs08 - ok
04:10:29.0582 3832 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
04:10:29.0607 3832 hpqddsvc - ok
04:10:29.0630 3832 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
04:10:29.0657 3832 HpSAMD - ok
04:10:29.0776 3832 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
04:10:29.0845 3832 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
04:10:29.0845 3832 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
04:10:29.0937 3832 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
04:10:30.0040 3832 HTTP - ok
04:10:30.0078 3832 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
04:10:30.0107 3832 hwpolicy - ok
04:10:30.0173 3832 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
04:10:30.0201 3832 i8042prt - ok
04:10:30.0257 3832 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
04:10:30.0293 3832 iaStor - ok
04:10:30.0319 3832 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
04:10:30.0361 3832 iaStorV - ok
04:10:30.0482 3832 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
04:10:30.0540 3832 IDriverT ( UnsignedFile.Multi.Generic ) - warning
04:10:30.0540 3832 IDriverT - detected UnsignedFile.Multi.Generic (1)
04:10:30.0591 3832 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
04:10:30.0647 3832 idsvc - ok
04:10:30.0670 3832 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
04:10:30.0701 3832 iirsp - ok
04:10:30.0818 3832 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
04:10:30.0900 3832 IKEEXT - ok
04:10:31.0039 3832 [ 397AF4C77E4AC1B262E4EBAC2958188C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
04:10:31.0099 3832 IntcAzAudAddService - ok
04:10:31.0132 3832 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
04:10:31.0160 3832 intelide - ok
04:10:31.0175 3832 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
04:10:31.0236 3832 intelppm - ok
04:10:31.0271 3832 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
04:10:31.0356 3832 IPBusEnum - ok
04:10:31.0427 3832 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:10:31.0502 3832 IpFilterDriver - ok
04:10:31.0578 3832 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
04:10:31.0647 3832 iphlpsvc - ok
04:10:31.0688 3832 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
04:10:31.0726 3832 IPMIDRV - ok
04:10:31.0746 3832 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
04:10:31.0824 3832 IPNAT - ok
04:10:31.0954 3832 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
04:10:32.0023 3832 iPod Service - ok
04:10:32.0048 3832 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
04:10:32.0111 3832 IRENUM - ok
04:10:32.0125 3832 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
04:10:32.0146 3832 isapnp - ok
04:10:32.0209 3832 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
04:10:32.0241 3832 iScsiPrt - ok
04:10:32.0310 3832 [ 917A1517AB4E8FB9554919FDEC96A8F5 ] JLTECH0227 C:\Windows\system32\Drivers\jl2005c.sys
04:10:32.0332 3832 JLTECH0227 - ok
04:10:32.0349 3832 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
04:10:32.0370 3832 kbdclass - ok
04:10:32.0425 3832 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
04:10:32.0482 3832 kbdhid - ok
04:10:32.0518 3832 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
04:10:32.0536 3832 kbfiltr - ok
04:10:32.0591 3832 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
04:10:32.0616 3832 KeyIso - ok
04:10:32.0680 3832 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
04:10:32.0702 3832 KSecDD - ok
04:10:32.0739 3832 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
04:10:32.0768 3832 KSecPkg - ok
04:10:32.0791 3832 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
04:10:32.0864 3832 ksthunk - ok
04:10:32.0897 3832 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
04:10:32.0980 3832 KtmRm - ok
04:10:33.0066 3832 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
04:10:33.0149 3832 LanmanServer - ok
04:10:33.0194 3832 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
04:10:33.0274 3832 LanmanWorkstation - ok
04:10:33.0418 3832 [ 6105B28F5D03C4AFFA7197B228768849 ] LiveUpdate C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
04:10:33.0494 3832 LiveUpdate - ok
04:10:33.0521 3832 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
04:10:33.0578 3832 lltdio - ok
04:10:33.0604 3832 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
04:10:33.0694 3832 lltdsvc - ok
04:10:33.0715 3832 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
04:10:33.0775 3832 lmhosts - ok
04:10:33.0834 3832 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
04:10:33.0867 3832 LSI_FC - ok
04:10:33.0880 3832 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
04:10:33.0913 3832 LSI_SAS - ok
04:10:33.0928 3832 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
04:10:33.0961 3832 LSI_SAS2 - ok

 
1. Did you already try to boot the machine in Safe Mode? Do you still have instability troubles that way?
The machine is relatively stable at the moment; I am logged in normally. Once it randomly gets out of the cycle of continuous BSODs at start-up and loading the desktop it is relatively reliable. When my first random BSOD occurred I was streaming videos online. The two other times it did BSOD on me when I wasn't booting up were after playing Counter Strike: Global Offensive for a while and listening to Spotify. Also my computer shut down through a Windows auto-update when I left it up. Should I produce new dds.txt and attach.txt?
2. Can you backup your critical data?
I currently don't have an external hard-drive of adequate size. I'll try to purchase one this weekend; any recommended brands or types?
3. Do you have the Windows DVD?
I don't have a Windows DVD.
 
Also here is a screen shot of Symantec Endpoint Protection quarantine. The three from TDSSKiller were from 3/24 while the two from Symantec were from 3/26. This may also be a reason why my system has been somewhat stable recently.
qp5edj.png

Edited by Elise, 31 March 2013 - 03:29 PM.
Removed codeboxes to prevent slow loading


#7 Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere in time
  • Local time:12:17 PM

Posted 31 March 2013 - 01:20 PM

Hello rebelnyell  :)

 

TDSS Killer and ComboFix did the job, but your machine is not clean yet and we have to do some other things to fix it.

Let's start by removing the excess security programs that may make your computer unstable due to potential conflicts.

 

Please go to Start => Control Panel => Programs and Features and uninstall

  1. Trend Micro Internet Security
  2. Spybot - Search & Destroy

In case you encounter problems with the Trend Micro uninstallation, please refer to this page.

 

Then

  • Please download TDSS Qlook and save it to your desktop.
  • Double-click the program and run it.
  • Type the letter A and press ENTER.
  • A logfile will open (TDSSQ.txt); please copy and paste (do not CODE) the contents of that logfile into your next reply.

 

 

Regards



#8 rebelnyell

Posted 02 April 2013 - 04:44 PM

I uninstalled both Trend Micro Internet Security and Spybot - Search & Destroy. Here is the log file generated by TDSSQlook.

 

TDSSQ.txt

 

TDSSKiller Quarantine Information log
TDSS Qlook Version 1.0.0.5 - Matthew - Tue 04/02/2013 - 17:38:54.91.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1  
***** START SCAN Tue 04/02/2013 17:38:55.46 *****
 
---------- TDSSKiller logs ----------
 
TDSSKiller.2.8.16.0_24.03.2013_02.13.28_log.txt
TDSSKiller.2.8.16.0_24.03.2013_02.44.08_log.txt
TDSSKiller.2.8.16.0_24.03.2013_03.37.23_log.txt
TDSSKiller.2.8.16.0_24.03.2013_04.09.51_log.txt
 
---------- TDSSStarter logs ----------
 
 
---------- DIR LIST ----------
 
C:\TDSSKiller_Quarantine\24.03.2013_03.37.23
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\object.ini
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\mbr0000
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\mbr0000\object.ini
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\mbr0000\tsk0000.ini
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\mbr0000\tsk0000.dta
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\mbr0000\tsk0002.ini
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\mbr0000\tsk0002.dta
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\mbr0000\tsk0001.ini
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\mbr0000\tsk0001.dta
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\object.ini
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0007.ini
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0007.dta
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0006.ini
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0006.dta
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0005.ini
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0005.dta
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0004.ini
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0004.dta
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0003.ini
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0003.dta
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0002.ini
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0002.dta
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0001.ini
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0000.ini
C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0000.dta
C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000
C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\object.ini
C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0007.ini
C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0007.dta
C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0006.ini
C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0006.dta
C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0005.ini
C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0005.dta
C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0004.ini
C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0004.dta
C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0003.ini
C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0003.dta
C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0002.ini
C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0002.dta
C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0001.ini
C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0000.ini
C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0000.dta
 
---------- INI FILES ----------
 
=== C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\object.ini
 
[InfectedObject]
Verdict: Rootkit.Boot.Pihar.c
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\mbr0000\object.ini
 
[InfectedObject]
Type: MBR
Name: \Device\Harddisk0\DR0
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\mbr0000\tsk0000.ini
 
[InfectedFile]
Type: Raw image
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\mbr0000\tsk0001.ini
 
[InfectedFile]
Type: Raw BB image
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\mbr0000\tsk0002.ini
 
[InfectedFile]
Type: Api image
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\object.ini
 
[InfectedObject]
Verdict: TDSS File System
Name: \Device\Harddisk0\DR0
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0000.ini
 
[InfectedFile]
Name: cmd64.dll
Size: 3072
File time: 2013/03/10 23:30:33.0286
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0001.ini
 
[InfectedFile]
Name: drv32
Size: 39424
File time: 2013/03/10 23:30:33.0286
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0002.ini
 
[InfectedFile]
Name: servers.dat
Size: 266
File time: 2013/03/10 23:30:33.0286
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0003.ini
 
[InfectedFile]
Name: config.ini
Size: 57
File time: 2013/03/10 23:30:33.0286
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0004.ini
 
[InfectedFile]
Name: ldr16
Size: 1233
File time: 2013/03/10 23:30:33.0286
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0005.ini
 
[InfectedFile]
Name: s
Size: 70
File time: 2013/03/10 23:30:33.0286
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0006.ini
 
[InfectedFile]
Name: ldrm
Size: 512
File time: 2013/03/10 23:30:33.0286
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_02.13.30\mbr0000\tdlfs0000\tsk0007.ini
 
[InfectedFile]
Name: u
Size: 28
File time: 2013/03/10 23:34:48.0058
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\object.ini
 
[InfectedObject]
Verdict: TDSS File System
Name: \Device\Harddisk0\DR0
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0000.ini
 
[InfectedFile]
Name: cmd64.dll
Size: 3072
File time: 2013/03/10 23:30:33.0286
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0001.ini
 
[InfectedFile]
Name: drv32
Size: 39424
File time: 2013/03/10 23:30:33.0286
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0002.ini
 
[InfectedFile]
Name: servers.dat
Size: 266
File time: 2013/03/10 23:30:33.0286
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0003.ini
 
[InfectedFile]
Name: config.ini
Size: 57
File time: 2013/03/10 23:30:33.0286
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0004.ini
 
[InfectedFile]
Name: ldr16
Size: 1233
File time: 2013/03/10 23:30:33.0286
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0005.ini
 
[InfectedFile]
Name: s
Size: 70
File time: 2013/03/10 23:30:33.0286
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0006.ini
 
[InfectedFile]
Name: ldrm
Size: 512
File time: 2013/03/10 23:30:33.0286
 
 
=== C:\TDSSKiller_Quarantine\24.03.2013_03.37.23\tdlfs0000\tsk0007.ini
 
[InfectedFile]
Name: u
Size: 28
File time: 2013/03/10 23:34:48.0058
 
 
***** END SCAN Tue 04/02/2013 17:38:56.06 *****
 

 

Also Symantec Endpoint Protection detects this every so often.

ne6nfa.png



#9 Clairvoyant

Posted 04 April 2013 - 03:31 PM

Hi rebelnyell   :),

 

now please download AdwCleaner and ComboFix, then put them on your desktop.

Once done, disconnect your computer from the internet then:

 

1- Run AdwCleaner

  1. Close all open programs and internet browsers
  2. Double click on the AdwCleaner icon to run the tool
  3. Click on Delete
  4. Confirm each time with Ok
  5. You will be prompted to restart your computer; a text file will open after the restart
  6. Close it and quit AdwCleaner

2- Run ComboFix

  • Close/disable all anti-virus and anti-malware programs. Refer to this page if you are not sure how
  • Close any open windows
  • Double click on ComboFix.exe and follow the prompts
  • During the scan, leave your sick computer alone and do not click in ComboFix's window, as it may cause it to stall
  • If ComboFix asks to restart your computer, allow it to do so
  • When finished, it will produce and display a report; close it

When done, post the contents of the C:\AdwCleaner[S1].txt and C:\ComboFix.txt files in your next reply.

 

 

Regards



#10 rebelnyell

Posted 07 April 2013 - 07:39 PM

AdwCleaner[S1].txt

# AdwCleaner v2.200 - Logfile created 04/07/2013 at 19:56:09
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Matthew - MATTHEW-PC
# Boot Mode : Normal
# Running from : C:\Users\Matthew\Desktop\Virus\New folder\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg
File Deleted : C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\eo9rymt3.default\searchplugins\Askcom.xml
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files (x86)\Vuze Remote toolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delta
Folder Deleted : C:\Users\Matthew\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Matthew\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Delta
Folder Deleted : C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\eo9rymt3.default\extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\eRightSoft\OpenCandy
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.20 (en-US)

File : C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\eo9rymt3.default\prefs.js

C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\eo9rymt3.default\user.js ... Deleted !

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\t5n9dge7.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [17186 octets] - [07/04/2013 19:56:09]

########## EOF - C:\AdwCleaner[S1].txt - [17247 octets] ##########
 

ComboFix.txt

ComboFix 13-04-06.02 - Matthew 04/07/2013  20:11:30.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.4072 [GMT -4:00]
Running from: c:\users\Matthew\Desktop\Virus\New folder\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-08 to 2013-04-08  )))))))))))))))))))))))))))))))
.
.
2013-04-08 00:29 . 2013-04-08 00:29    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-04-08 00:29 . 2013-04-08 00:29    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-04-08 00:29 . 2013-04-08 00:29    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2013-03-26 01:14 . 2013-02-12 04:12    19968    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-03-24 07:19 . 2013-03-24 07:19    --------    d-----w-    c:\users\Matthew\AppData\Roaming\SUPERAntiSpyware.com
2013-03-24 07:18 . 2013-03-24 07:19    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-03-24 07:18 . 2013-03-24 07:18    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-03-24 07:16 . 2013-03-27 13:52    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-03-24 06:46 . 2013-03-24 06:46    --------    d-----w-    c:\users\Matthew\AppData\Local\Programs
2013-03-24 06:36 . 2013-03-24 07:39    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-03-24 03:14 . 2013-03-24 03:16    --------    d-----w-    c:\users\Matthew\AppData\Roaming\Auslogics
2013-03-24 03:11 . 2013-03-24 03:11    --------    d-----w-    c:\program files (x86)\Auslogics
2013-03-20 21:53 . 2013-03-20 21:53    --------    d-----w-    c:\program files\CPUID
2013-03-19 23:54 . 2013-03-19 23:54    --------    d-----w-    c:\windows\Sun
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 21:33 . 2012-03-30 05:33    693976    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-02 21:33 . 2011-05-18 02:54    73432    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-18 04:12 . 2009-11-29 18:37    72013344    ----a-w-    c:\windows\system32\MRT.exe
2013-03-18 03:56 . 2009-12-25 07:39    82816    ----a-w-    c:\users\Matthew\AppData\Roaming\pcouffin.sys
2013-03-02 05:42 . 2010-07-14 23:16    45056    ----a-w-    c:\windows\system32\acovcnt.exe
2013-02-14 22:30 . 2013-02-14 22:30    40960    ----a-r-    c:\users\Matthew\AppData\Roaming\Microsoft\Installer\{88AD76C5-D208-4A11-A1B3-ACCCA67A6F26}\Updater.exe_FEF40581F5694A49B7DA66738F7AC16B.exe
2013-02-14 22:30 . 2013-02-14 22:30    40960    ----a-r-    c:\users\Matthew\AppData\Roaming\Microsoft\Installer\{88AD76C5-D208-4A11-A1B3-ACCCA67A6F26}\NewShortcut1_D434C24F80B2461C8F554E74F9F19D87.exe
2013-02-12 05:45 . 2013-03-18 03:55    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-18 03:55    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-18 03:55    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-18 03:55    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-18 03:55    474112    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-18 03:55    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-01-13 21:17 . 2013-02-28 08:00    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-28 08:00    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-28 08:00    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-28 08:00    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 08:00    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 08:00    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 08:00    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 08:00    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 08:00    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:35 . 2013-02-28 08:00    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 08:00    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 08:00    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-28 08:00    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 08:00    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 08:00    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 08:00    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 08:00    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 08:00    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 08:00    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-28 08:00    1988096    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-28 08:00    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-28 08:00    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-28 08:00    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-28 08:00    1504768    ----a-w-    c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-28 08:00    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-28 08:00    1175552    ----a-w-    c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-28 08:00    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-28 08:00    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-28 08:01    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-28 08:00    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-28 08:00    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-28 08:00    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-28 08:00    1080832    ----a-w-    c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-28 08:00    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-28 08:00    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-28 08:00    1887232    ----a-w-    c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-28 08:00    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-28 08:00    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-28 08:00    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-28 08:00    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-28 08:01    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-28 08:00    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-28 08:00    1238528    ----a-w-    c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-28 08:00    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-28 08:00    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-28 08:00    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-28 08:00    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-28 08:00    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-28 08:00    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-28 08:00    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-28 08:00    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
2011-01-10 05:16 . 2011-01-10 05:16    255497    ----a-w-    c:\program files (x86)\RMPly00.exe
2006-05-03 16:06    163328    --sh--r-    c:\windows\SysWOW64\flvDX.dll
2007-02-21 17:47    31232    --sh--r-    c:\windows\SysWOW64\msfDX.dll
2008-03-16 19:30    216064    --sh--r-    c:\windows\SysWOW64\nbDX.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08    143360    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    94208    ----a-w-    c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    94208    ----a-w-    c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    94208    ----a-w-    c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Matthew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-04-03 1104280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-30 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Turbo Gear Help"="c:\program files\ASUS\Turbo Gear\GearHelp.exe" [2009-08-06 1026048]
"Turbo Gear"="c:\program files\ASUS\Turbo Gear\TurboGear.exe" [2009-08-06 2987520]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"VMonitorVMUVC"="c:\program files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-09-07 115560]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2012-12-03 610776]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-06 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-06 79360]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-29 1038088]
R3 JLTECH0227;Dual Mode Camera;c:\windows\system32\Drivers\jl2005c.sys [2007-11-17 79920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2009-12-25 82816]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-03-23 30720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-03-11 198400]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 303616]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-13 834544]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2009-07-22 16384]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-15 359552]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2012-12-03 1270744]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.57\SymcPCCULaunchSvc.exe [2011-06-06 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe [2011-06-06 126392]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-07 72248]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-03-14 138912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-03-31 126464]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 03:10]
.
2013-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 03:10]
.
2013-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-751580679-1929281232-248088088-1001Core.job
- c:\users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03 19:36]
.
2013-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-751580679-1929281232-248088088-1001UA.job
- c:\users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03 19:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52    159744    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    97792    ----a-w-    c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    97792    ----a-w-    c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    97792    ----a-w-    c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    97792    ----a-w-    c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2010-11-05 01:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2010-11-05 01:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 120328]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: cinemanow.com
TCP: DhcpNameServer = 132.238.2.17 132.238.130.12
FF - ProfilePath - c:\users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\eo9rymt3.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 1
FF - ExtSQL: !HIDDEN! 2011-11-29 23:55; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-ASUS_ScreenSaver_GSeries - c:\windows\system32\ASUS_ScreenSaver_GSeries.scr
AddRemove-dBpowerAMP Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.57\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:2e,dd,3f,55,35,59,cc,01
.
[HKEY_USERS\S-1-5-21-751580679-1929281232-248088088-1001\ *¬ !*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-751580679-1929281232-248088088-1001\p*¬ .*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-751580679-1929281232-248088088-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F41D5081-1599-656A-A457-0D8784641B31}*]
@Allowed: (Read) (RestrictedCode)
"iaeghejhmhejgcajmh"=hex:69,61,67,62,6e,65,6c,67,67,6b,6d,64,6d,69,6e,6e,63,6b,
   00,00
"hakhncejdibjmjpb"=hex:69,61,67,62,6e,65,6c,67,67,6b,6d,64,6d,69,6e,6e,63,6b,
   00,00
.
[HKEY_USERS\S-1-5-21-751580679-1929281232-248088088-1001\À*9 !*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-751580679-1929281232-248088088-1001\¬ */*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\05\0c\15\1e\15d"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-07  20:32:55
ComboFix-quarantined-files.txt  2013-04-08 00:32
ComboFix2.txt  2013-03-24 07:12
.
Pre-Run: 84,892,049,408 bytes free
Post-Run: 84,479,168,512 bytes free
.
- - End Of File - - 1E2E40A4F29BA4B137C2D1EA0253E1E3
 

 

I also got this pop-up while running combofix

2hn6h53.jpg



#11 Elise


Posted 11 April 2013 - 01:12 PM

Hello,
Because clairvoyant is having technical difficulties I will work with you on this topic until he is back.
The error should be gone after a reboot and is nothing to worry about.


We need to execute a CF-script.

Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

Firefox::
FF - ProfilePath - c:\users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\eo9rymt3.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 1

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]


 


  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

CFScriptB-4.gif

 

  • Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft
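
What the Firefox:: lines in the script above describe, as an added example that is not part of the original post and is not ComboFix's own code: it parses the "FF - prefs.js" lines of a ComboFix log and reports whether Firefox is configured to send its traffic through a listener on the local machine. The function names and status labels are assumptions made for this illustration; the sample lines are copied from the log in this thread.

```python
import ipaddress
import re

# Constructed sample: "FF - prefs.js" lines in the layout of the Supplementary
# Scan section of the log posted in this thread.
SAMPLE_LOG = r"""
FF - ProfilePath - c:\users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\eo9rymt3.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 1
"""

# One preference per line: "FF - prefs.js: <name> - <value>"
PREF_LINE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")

# Firefox keeps one host/port pair per scheme under network.proxy.<scheme>.
SCHEMES = ("http", "ssl", "ftp", "socks")


def parse_prefs(log_text):
    """Return {pref_name: value} for every 'FF - prefs.js' line in the log."""
    prefs = {}
    for line in log_text.splitlines():
        match = PREF_LINE.match(line.strip())
        if match:
            prefs[match.group(1)] = match.group(2).strip()
    return prefs


def is_loopback(host):
    """True when the proxy host points back at the local machine."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        # Not an IP literal; only the conventional name is treated as local.
        return host.lower() == "localhost"


def proxy_endpoints(prefs):
    """List (scheme, host, port) for every proxy host named in the prefs."""
    endpoints = []
    for scheme in SCHEMES:
        host = prefs.get(f"network.proxy.{scheme}")
        if not host:
            continue
        port_text = prefs.get(f"network.proxy.{scheme}_port", "")
        port = int(port_text) if port_text.isdigit() else None
        endpoints.append((scheme, host, port))
    return endpoints


def assess(prefs):
    """Classify the proxy configuration found in the log.

    network.proxy.type = 1 is Firefox's "manual proxy configuration" mode;
    the host/port prefs are only used in that mode.
    """
    endpoints = proxy_endpoints(prefs)
    manual = prefs.get("network.proxy.type") == "1"
    local = [e for e in endpoints if is_loopback(e[1])]
    if not endpoints:
        status = "none"
    elif not manual:
        status = "not-manual"        # hosts listed, manual mode not shown
    elif local:
        status = "manual-loopback"   # browser traffic goes to a local listener
    else:
        status = "manual-remote"     # browser traffic goes to another host
    return {
        "status": status,
        "endpoints": endpoints,
        # Ports to look up on the machine (e.g. with netstat -ano) to see
        # which process, if any, is listening before the prefs are removed.
        "local_ports": sorted({e[2] for e in local if e[2] is not None}),
    }


if __name__ == "__main__":
    report = assess(parse_prefs(SAMPLE_LOG))
    print(report["status"])
    for scheme, host, port in report["endpoints"]:
        print(f"  {scheme}: {host}:{port}")
    print("local ports to check:", report["local_ports"])
```

If nothing is listening on the reported ports, Firefox cannot load pages until the proxy prefs are removed, which is the effect of the script above.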


#12 rebelnyell


Posted 11 April 2013 - 03:38 PM

ComboFix.txt

ComboFix 13-04-11.01 - Matthew 04/11/2013  16:14:01.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.3869 [GMT -4:00]
Running from: c:\users\Matthew\Desktop\Virus\New folder\ComboFix.exe
Command switches used :: c:\users\Matthew\Desktop\Virus\New folder\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Matthew\AppData\Local\{1B55AF30-F8E3-42FE-B303-87927C295CD0}
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-11 to 2013-04-11  )))))))))))))))))))))))))))))))
.
.
2013-04-11 20:32 . 2013-04-11 20:32    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-04-11 20:32 . 2013-04-11 20:32    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-04-11 20:32 . 2013-04-11 20:32    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2013-04-10 02:46 . 2013-02-15 06:06    3717632    ----a-w-    c:\windows\system32\mstscax.dll
2013-04-10 02:46 . 2013-02-15 04:37    3217408    ----a-w-    c:\windows\SysWow64\mstscax.dll
2013-04-10 02:46 . 2013-02-15 06:02    158720    ----a-w-    c:\windows\system32\aaclient.dll
2013-04-10 02:46 . 2013-02-15 04:34    131584    ----a-w-    c:\windows\SysWow64\aaclient.dll
2013-04-10 02:46 . 2013-02-15 06:08    44032    ----a-w-    c:\windows\system32\tsgqec.dll
2013-04-10 02:46 . 2013-02-15 03:25    36864    ----a-w-    c:\windows\SysWow64\tsgqec.dll
2013-04-10 02:46 . 2013-03-01 03:36    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-04-10 02:46 . 2013-03-02 06:04    1655656    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-10 02:45 . 2013-01-24 06:01    223752    ----a-w-    c:\windows\system32\drivers\fvevol.sys
2013-04-10 02:45 . 2013-03-19 06:04    5550424    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-04-10 02:45 . 2013-03-19 05:04    3968856    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 02:45 . 2013-03-19 05:04    3913560    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 02:45 . 2013-03-19 03:06    112640    ----a-w-    c:\windows\system32\smss.exe
2013-04-10 02:45 . 2013-03-19 05:46    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-04-10 02:45 . 2013-03-19 04:47    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-03-26 01:14 . 2013-02-12 04:12    19968    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-03-24 07:19 . 2013-03-24 07:19    --------    d-----w-    c:\users\Matthew\AppData\Roaming\SUPERAntiSpyware.com
2013-03-24 07:18 . 2013-03-24 07:19    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-03-24 07:18 . 2013-03-24 07:18    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-03-24 07:16 . 2013-03-27 13:52    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-03-24 06:46 . 2013-03-24 06:46    --------    d-----w-    c:\users\Matthew\AppData\Local\Programs
2013-03-24 06:36 . 2013-03-24 07:39    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-03-24 03:14 . 2013-03-24 03:16    --------    d-----w-    c:\users\Matthew\AppData\Roaming\Auslogics
2013-03-24 03:11 . 2013-03-24 03:11    --------    d-----w-    c:\program files (x86)\Auslogics
2013-03-20 21:53 . 2013-03-20 21:53    --------    d-----w-    c:\program files\CPUID
2013-03-19 23:54 . 2013-03-19 23:54    --------    d-----w-    c:\windows\Sun
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 07:03 . 2009-11-29 18:37    72702784    ----a-w-    c:\windows\system32\MRT.exe
2013-04-04 18:50 . 2011-03-21 20:02    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-02 21:33 . 2012-03-30 05:33    693976    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-02 21:33 . 2011-05-18 02:54    73432    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-18 03:56 . 2009-12-25 07:39    82816    ----a-w-    c:\users\Matthew\AppData\Roaming\pcouffin.sys
2013-03-02 05:42 . 2010-07-14 23:16    45056    ----a-w-    c:\windows\system32\acovcnt.exe
2013-02-14 22:30 . 2013-02-14 22:30    40960    ----a-r-    c:\users\Matthew\AppData\Roaming\Microsoft\Installer\{88AD76C5-D208-4A11-A1B3-ACCCA67A6F26}\Updater.exe_FEF40581F5694A49B7DA66738F7AC16B.exe
2013-02-14 22:30 . 2013-02-14 22:30    40960    ----a-r-    c:\users\Matthew\AppData\Roaming\Microsoft\Installer\{88AD76C5-D208-4A11-A1B3-ACCCA67A6F26}\NewShortcut1_D434C24F80B2461C8F554E74F9F19D87.exe
2013-02-12 05:45 . 2013-03-18 03:55    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-18 03:55    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-18 03:55    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-18 03:55    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-18 03:55    474112    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-18 03:55    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-01-13 21:17 . 2013-02-28 08:00    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-28 08:00    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-28 08:00    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-28 08:00    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 08:00    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 08:00    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 08:00    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 08:00    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 08:00    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:35 . 2013-02-28 08:00    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 08:00    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 08:00    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-28 08:00    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 08:00    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 08:00    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 08:00    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 08:00    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 08:00    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 08:00    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-28 08:00    1988096    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-28 08:00    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-28 08:00    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-28 08:00    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-28 08:00    1504768    ----a-w-    c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-28 08:00    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-28 08:00    1175552    ----a-w-    c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-28 08:00    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-28 08:00    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-28 08:01    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-28 08:00    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-28 08:00    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-28 08:00    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-28 08:00    1080832    ----a-w-    c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-28 08:00    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-28 08:00    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-28 08:00    1887232    ----a-w-    c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-28 08:00    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-28 08:00    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-28 08:00    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-28 08:00    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-28 08:01    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-28 08:00    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-28 08:00    1238528    ----a-w-    c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-28 08:00    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-28 08:00    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-28 08:00    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-28 08:00    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-28 08:00    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-28 08:00    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-28 08:00    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-28 08:00    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
2011-01-10 05:16 . 2011-01-10 05:16    255497    ----a-w-    c:\program files (x86)\RMPly00.exe
2006-05-03 16:06    163328    --sh--r-    c:\windows\SysWOW64\flvDX.dll
2007-02-21 17:47    31232    --sh--r-    c:\windows\SysWOW64\msfDX.dll
2008-03-16 19:30    216064    --sh--r-    c:\windows\SysWOW64\nbDX.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08    143360    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    94208    ----a-w-    c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    94208    ----a-w-    c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    94208    ----a-w-    c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Matthew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-04-09 1104280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-30 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Turbo Gear Help"="c:\program files\ASUS\Turbo Gear\GearHelp.exe" [2009-08-06 1026048]
"Turbo Gear"="c:\program files\ASUS\Turbo Gear\TurboGear.exe" [2009-08-06 2987520]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"VMonitorVMUVC"="c:\program files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-09-07 115560]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2012-12-03 610776]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-06 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-06 79360]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-29 1038088]
R3 JLTECH0227;Dual Mode Camera;c:\windows\system32\Drivers\jl2005c.sys [2007-11-17 79920]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2009-12-25 82816]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-03-23 30720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-03-11 198400]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 303616]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-13 834544]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2009-07-22 16384]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-15 359552]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2012-12-03 1270744]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.57\SymcPCCULaunchSvc.exe [2011-06-06 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe [2011-06-06 126392]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-07 72248]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-03-14 138912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-03-31 126464]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 03:10]
.
2013-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 03:10]
.
2013-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-751580679-1929281232-248088088-1001Core.job
- c:\users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03 19:36]
.
2013-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-751580679-1929281232-248088088-1001UA.job
- c:\users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03 19:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52    159744    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    97792    ----a-w-    c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    97792    ----a-w-    c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    97792    ----a-w-    c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49    97792    ----a-w-    c:\users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2010-11-05 01:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2010-11-05 01:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 120328]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: cinemanow.com
TCP: DhcpNameServer = 132.238.2.17 132.238.130.12
FF - ProfilePath - c:\users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\eo9rymt3.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF - ExtSQL: !HIDDEN! 2011-11-29 23:55; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-ASUS_ScreenSaver_GSeries - c:\windows\system32\ASUS_ScreenSaver_GSeries.scr
AddRemove-dBpowerAMP Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.57\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:2e,dd,3f,55,35,59,cc,01
.
[HKEY_USERS\S-1-5-21-751580679-1929281232-248088088-1001\ *¬ !*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-751580679-1929281232-248088088-1001\p*¬ .*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-751580679-1929281232-248088088-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F41D5081-1599-656A-A457-0D8784641B31}*]
@Allowed: (Read) (RestrictedCode)
"iaeghejhmhejgcajmh"=hex:69,61,67,62,6e,65,6c,67,67,6b,6d,64,6d,69,6e,6e,63,6b,
   00,00
"hakhncejdibjmjpb"=hex:69,61,67,62,6e,65,6c,67,67,6b,6d,64,6d,69,6e,6e,63,6b,
   00,00
.
[HKEY_USERS\S-1-5-21-751580679-1929281232-248088088-1001\À*9 !*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-751580679-1929281232-248088088-1001\¬ */*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\05\0c\15\1e\15d"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-11  16:36:28
ComboFix-quarantined-files.txt  2013-04-11 20:36
ComboFix2.txt  2013-04-08 00:32
ComboFix3.txt  2013-03-24 07:12
.
Pre-Run: 79,348,281,344 bytes free
Post-Run: 79,032,254,464 bytes free
.
- - End Of File - - 6BDBA4B1A82FD12080F8F28627B9C1DE
 



#13 Elise


Posted 11 April 2013 - 04:08 PM

That looks good, how is everything running at this point? Do you have any problem left?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 rebelnyell


Posted 11 April 2013 - 11:18 PM

Everything seems to be running well. My only concern is that I receive this from Symantec about once every night. So I suspect there is still something on my machine though it isn't noticeably hindering anything at the moment. Anyways thanks for your help guys.

2dqc6e.png



#15 Elise


Posted 12 April 2013 - 02:00 AM

Could you tell me what you see under "action description"?

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!
 

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u13.
  • Look for "JDK 7u17 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.



I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise






