
Trojans and some other stuff- Help Appreciated



#1 erd48

  • Members
  • 21 posts

Posted 01 April 2013 - 07:18 PM

Hi Guys,

 

My PC has shut down a few times recently and boot-up is a little slow. Malwarebytes id'd two trojans but is unsuccessful at cleaning them. SUPERAntiSpyware id'd some tracking cookies and cleaned them but they seem to be returning. Attached are the latest logs.

 

Your help as always is appreciated.

 

John



#2 boopme

  • Global Moderator
  • 73,530 posts

Posted 01 April 2013 - 07:35 PM

Hello, I moved this to the Am I Infected forum as that section has log requirements.

 

Did you click Remove Selected after the MBAM scan?  As the log shows "No action taken.."

 

Please run these also..

 


MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

 

 

 

Please download TDSSKiller.

  • Launch it.
  • Click on "Change parameters" and select "TDLFS file system".
  • Click on "Scan".
  • Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

 

 

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


>>>>

Now I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.

 

 

 

How is it now?



#3 LGhost

  • Members
  • 2 posts

Posted 01 April 2013 - 07:39 PM

Have you tried to clean the virus in Safe Mode?



#4 erd48

  • Topic Starter
  • Members
  • 21 posts

Posted 02 April 2013 - 05:37 AM

Boopme,

Thanks so much for the quick response. With regard to the Malwarebytes log, I ran it twice. The first time I ran it to 'remove selected' but when I rebooted and ran it a second time the viruses were still there. It was the second log I attached.

 

Here are the logs from the actions you requested me to perform. Looks like it found and fixed a few things. Let me know if you see anything else or need me to run anything else.

 

I ran another Malwarebytes scan after everything else. The log is at the bottom of the page.

 

So far so good!

 

John

 

MiniToolBox by Farbar  Version:05-03-2013
Ran by John (administrator) on 01-04-2013 at 18:58:54
Running from "C:\Users\John\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

802.11n Wireless LAN Card = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : John-HP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection* 17:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Check Point Virtual Network Adapter For Endpoint VPN Client
   Physical Address. . . . . . . . . : 54-0B-70-1A-43-0F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : AC-81-12-68-20-4B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 802.11n Wireless LAN Card
   Physical Address. . . . . . . . . : AC-81-12-68-20-4A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::25bd:c3e1:91e9:254c%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, April 01, 2013 6:00:35 PM
   Lease Expires . . . . . . . . . . : Tuesday, April 02, 2013 6:00:37 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 246186258
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-5A-76-24-E0-69-95-82-D2-22
   DNS Servers . . . . . . . . . . . : 208.180.42.68
                                       208.180.42.100
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : E0-69-95-82-D2-22
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A414CE73-0AFA-4FA2-B3F5-77E6497A5767}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2c6d:3e51:3f57:fe98(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2c6d:3e51:3f57:fe98%10(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  rdns01.suddenlink.net
Address:  208.180.42.68

Name:    google.com
Addresses:  2607:f8b0:4000:802::1000
      74.125.227.101
      74.125.227.102
      74.125.227.103
      74.125.227.104
      74.125.227.105
      74.125.227.110
      74.125.227.96
      74.125.227.97
      74.125.227.98
      74.125.227.99
      74.125.227.100


Pinging google.com [74.125.227.64] with 32 bytes of data:
Reply from 74.125.227.64: bytes=32 time=32ms TTL=54
Reply from 74.125.227.64: bytes=32 time=31ms TTL=54

Ping statistics for 74.125.227.64:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 31ms, Maximum = 32ms, Average = 31ms
Server:  rdns01.suddenlink.net
Address:  208.180.42.68

Name:    yahoo.com
Addresses:  98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=543ms TTL=44
Reply from 206.190.36.45: bytes=32 time=566ms TTL=44

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 543ms, Maximum = 566ms, Average = 554ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 21...54 0b 70 1a 43 0f ......Check Point Virtual Network Adapter For Endpoint VPN Client
 13...ac 81 12 68 20 4b ......Microsoft Virtual WiFi Miniport Adapter
 12...ac 81 12 68 20 4a ......802.11n Wireless LAN Card
 11...e0 69 95 82 d2 22 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 10...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.103     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.103    281
    192.168.1.103  255.255.255.255         On-link     192.168.1.103    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.103    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.103    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.103    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 10     58 2001::/32                On-link
 10    306 2001:0:4137:9e76:2c6d:3e51:3f57:fe98/128
                                    On-link
 12    281 fe80::/64                On-link
 10    306 fe80::/64                On-link
 12    281 fe80::25bd:c3e1:91e9:254c/128
                                    On-link
 10    306 fe80::2c6d:3e51:3f57:fe98/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/01/2013 06:05:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000420
Fault offset: 0x00013ce2
Faulting process id: 0x13a4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (04/01/2013 05:12:13 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000420
Fault offset: 0x00013ce2
Faulting process id: 0x107c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (04/01/2013 05:10:53 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000420
Fault offset: 0x00013ce2
Faulting process id: 0x13b8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (04/01/2013 05:04:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000420
Fault offset: 0x00013ce2
Faulting process id: 0xfac
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (04/01/2013 04:59:15 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x00032949
Faulting process id: 0x11f4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (04/01/2013 04:55:23 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/01/2013 04:55:23 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/01/2013 04:55:23 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/01/2013 04:55:23 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (04/01/2013 04:55:21 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/01/2013 06:33:05 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{A414CE73-0AFA-4FA2-B3F5-77E6497A5767}.
The backup browser is stopping.

Error: (04/01/2013 06:00:24 PM) (Source: Service Control Manager) (User: )
Description: The VPN-1 Module service failed to start due to the following error:
%%1275

Error: (04/01/2013 06:00:24 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\vpn.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/01/2013 06:00:24 PM) (Source: Service Control Manager) (User: )
Description: The Check Point VPN-1 Securemote watchdog service depends the following service: FW1. This service might not be installed.

Error: (04/01/2013 06:00:24 PM) (Source: Service Control Manager) (User: )
Description: The Check Point VPN-1 Securemote service service depends the following service: FW1. This service might not be installed.

Error: (04/01/2013 05:58:46 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (04/01/2013 05:16:22 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/01/2013 04:55:53 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (04/01/2013 04:55:23 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/01/2013 04:55:23 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.


Microsoft Office Sessions:
=========================
Error: (04/01/2013 06:05:51 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c000042000013ce213a401ce2f353666111f\\.\globalroot\systemroot\svchost.exeunknown142b4aa2-9b29-11e2-ad9c-540b701a430f

Error: (04/01/2013 05:12:13 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c000042000013ce2107c01ce2ec9b05b71e8\\.\globalroot\systemroot\svchost.exeunknown00f2a5ae-9abd-11e2-b5b2-540b701a430f

Error: (04/01/2013 05:10:53 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c000042000013ce213b801ce2ec8d1022aa1\\.\globalroot\systemroot\svchost.exeunknownd0c5cd8f-9abc-11e2-b5b2-540b701a430f

Error: (04/01/2013 05:04:45 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c000042000013ce2fac01ce2ec824fabefb\\.\globalroot\systemroot\svchost.exeunknownf5c4e2cf-9abb-11e2-b5b2-540b701a430f

Error: (04/01/2013 04:59:15 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5ntdll.dll6.1.7601.177254ec49b8fc00000050003294911f401ce2ec777f38aa2\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\ntdll.dll30d8d7bb-9abb-11e2-b5b2-540b701a430f

Error: (04/01/2013 04:55:23 AM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/01/2013 04:55:23 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/01/2013 04:55:23 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/01/2013 04:55:23 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (04/01/2013 04:55:21 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore


CodeIntegrity Errors:
===================================
  Date: 2013-03-19 06:34:05.371
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-19 06:34:05.293
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-19 06:34:05.215
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-19 06:34:05.137
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-11 17:45:57.132
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-11 17:45:57.101
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
Amazon MP3 Downloader 1.0.12 (Version: 1.0.12)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Blio (Version: 2.0.5350)
Bonjour (Version: 3.0.0.10)
Boris Graffiti for Corel (Version: 5.40.0700)
Bounce Symphony (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
CCleaner (Version: 3.26)
Check Point VPN (Version: 75.20.0000)
Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA3 (Version: 1.00.0000)
Chuzzle Deluxe (Version: 2.2.0.95)
Common (Version: 14.0.0.342)
Contents (Version: 14.0.0.342)
Contents (Version: 15.1.0.34)
Contents (Version: 16.0.0.106)
Corel VideoStudio Pro Title Pack (Version: 1.00.0000)
Corel VideoStudio Pro X4 (Version: 14.2.0.23)
Corel VideoStudio Pro X6 (Version: 16.0.0.106)
Corel VideoStudio Ultimate X5 (Version: 15.2.0.10)
CyberLink DVD Suite Deluxe (Version: 7.0.3210)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler (Version: 2.13)
DeviceIO (Version: 14.0.0.342)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
DivX Setup (Version: 2.5.0.8)
Dora's World Adventure (Version: 2.2.0.95)
DVD Menu Pack for HP MediaSmart Video (Version: 4.2.4412)
Escape Rosecliff Island (Version: 2.2.0.95)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Farm Frenzy (Version: 2.2.0.95)
FATE (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
Google Chrome (Version: 26.0.1410.43)
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Game Console
HP Games (Version: 1.0.1.5)
HP MediaSmart DVD (Version: 4.2.4725)
HP MediaSmart Music (Version: 4.2.4517)
HP MediaSmart Photo (Version: 4.2.4513)
HP MediaSmart SmartMenu (Version: 3.1.2.4)
HP MediaSmart Video (Version: 4.2.4522)
HP MediaSmart/TouchSmart Netflix (Version: 1.0.4.0)
HP MovieStore (Version: 1.0.027)
HP MovieStore (Version: 2.0.2)
HP Odometer (Version: 2.10.0000)
HP Setup (Version: 8.4.4400.3525)
HP Setup Manager (Version: 1.0.12844.3519)
HP Support Assistant (Version: 7.0.39.15)
HP Support Information (Version: 10.1.1000)
HP Update (Version: 5.002.003.003)
HP Vision Hardware Diagnostics (Version: 2.1.6.0)
Hulu Desktop (Version: 0.9.13)
ICA (Version: 14.0.0.342)
ICA (Version: 15.1.0.34)
ICA (Version: 16.0.0.106)
IDT Audio (Version: 1.0.6302.0)
ImgBurn (Version: 2.5.7.0)
Intel® Management Engine Components (Version: 7.0.0.1118)
IPM_VS_Pro (Version: 13.0)
IPM_VS_Pro (Version: 15.0)
IPM_VS_Pro (Version: 16.0)
ISCOM (Version: 14.0.0.342)
ISCOM (Version: 15.1.0.34)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 25 (64-bit) (Version: 6.0.250)
Java™ 6 Update 31 (Version: 6.0.310)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
Kobo (Version: 1.6)
LabelPrint (Version: 2.5.3130)
LightScribe System Software (Version: 1.18.20.1)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Movie Maker 6.0 for Windows 7 (64-bit) (Version: 6.0.0)
Movie Theme Pack for HP MediaSmart Video (Version: 4.2.4412)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery P.I. - The London Caper (Version: 2.2.0.95)
Norton Internet Security (Version: 19.9.1.14)
Norton Online Backup (Version: 2.1.17869)
NVIDIA Display Control Panel (Version: 6.14.12.5936)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA PhysX (Version: 9.10.0224)
PDF Complete Special Edition (Version: 4.0.14)
Penguins! (Version: 2.2.0.95)
PhotoNow! (Version: 1.1.7717)
PictureMover (Version: 3.5.0.33)
Plants vs. Zombies (Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4329)
PowerDirector (Version: 8.0.3129)
PressReader (Version: 5.10.1102.0)
proDAD Mercalli 2.0 (Version: 2.0.96)
proDAD Route 4.0 (Version: 4.0.192.1)
proDAD Vitascene 2.0 (Version: 2.0.179)
PureHD (Version: 14.0.0.342)
QuickTime (Version: 7.55.90.70)
Ralink RT2860 Wireless LAN Card
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealPlayer (Version: 15.0.6)
RealUpgrade 1.1 (Version: 1.1.0)
Recovery Manager (Version: 5.5.3219)
Replay Media Catcher 4 (Version: 4.2.1)
RoxioNow Player (Version: 1.9.5.101)
Setup (Version: 14.0.0.342)
Setup (Version: 15.1.0.34)
Setup (Version: 16.0.0.106)
Share (Version: 14.0.0.342)
Share (Version: 15.1.0.34)
Share (Version: 16.0.0.106)
Share64 (Version: 14.0.0.342)
Share64 (Version: 15.1.0.34)
Share64 (Version: 16.0.0.106)
Skype™ 5.10 (Version: 5.10.116)
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks 5 (Version: 5.1.6)
SpiceFX for Movie Maker DEMO (Version: 6.0.1)
SUPERAntiSpyware (Version: 5.0.1146)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VIO (Version: 14.0.0.342)
Virtual Families (Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
VSClassic (Version: 14.0.0.342)
VSClassic (Version: 15.1.0.34)
VSClassic (Version: 16.0.0.106)
VSHelp (Version: 15.1.0.34)
VSHelp (Version: 16.0.0.106)
VSPro (Version: 14.0.0.342)
VSPro (Version: 16.0.0.106)
VSUltimate (Version: 15.1.0.34)
Wheel of Fortune 2 (Version: 2.2.0.95)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
WinX DVD Ripper 5.5.7
Zinio Reader 4 (Version: 4.0.3184)
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 6126.54 MB
Available physical RAM: 2901.24 MB
Total Pagefile: 12251.27 MB
Available Pagefile: 9022.53 MB
Total Virtual: 4095.88 MB
Available Virtual: 3953.04 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:918.43 GB) (Free:656.4 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:12.98 GB) (Free:1.59 GB) NTFS
4 Drive f: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:15.42 GB) NTFS
8 Drive j: (My Book) (Fixed) (Total:465.65 GB) (Free:262.6 GB) FAT32

========================= Users: ========================================

User accounts for \\JOHN-HP

Administrator            Guest                    John                     


**** End of log ****

19:02:04.0445 1628  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:02:05.0051 1628  ============================================================
19:02:05.0051 1628  Current date / time: 2013/04/01 19:02:05.0051
19:02:05.0051 1628  SystemInfo:
19:02:05.0051 1628  
19:02:05.0051 1628  OS Version: 6.1.7601 ServicePack: 1.0
19:02:05.0051 1628  Product type: Workstation
19:02:05.0051 1628  ComputerName: JOHN-HP
19:02:05.0051 1628  UserName: John
19:02:05.0051 1628  Windows directory: C:\Windows
19:02:05.0051 1628  System windows directory: C:\Windows
19:02:05.0051 1628  Running under WOW64
19:02:05.0051 1628  Processor architecture: Intel x64
19:02:05.0051 1628  Number of processors: 4
19:02:05.0051 1628  Page size: 0x1000
19:02:05.0051 1628  Boot type: Normal boot
19:02:05.0051 1628  ============================================================
19:02:05.0737 1628  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:02:05.0742 1628  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:02:11.0689 1628  Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:02:16.0955 1628  ============================================================
19:02:16.0955 1628  \Device\Harddisk0\DR0:
19:02:16.0955 1628  MBR partitions:
19:02:16.0955 1628  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:02:16.0955 1628  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72CDD000
19:02:16.0955 1628  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72D0F800, BlocksNum 0x19F6800
19:02:16.0955 1628  \Device\Harddisk1\DR1:
19:02:16.0955 1628  MBR partitions:
19:02:16.0955 1628  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
19:02:16.0956 1628  \Device\Harddisk2\DR2:
19:02:16.0962 1628  MBR partitions:
19:02:16.0962 1628  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
19:02:16.0962 1628  ============================================================
19:02:16.0987 1628  C: <-> \Device\Harddisk0\DR0\Partition2
19:02:17.0028 1628  D: <-> \Device\Harddisk0\DR0\Partition3
19:02:17.0028 1628  J: <-> \Device\Harddisk2\DR2\Partition1
19:02:17.0043 1628  F: <-> \Device\Harddisk1\DR1\Partition1
19:02:17.0043 1628  ============================================================
19:02:17.0043 1628  Initialize success
19:02:17.0043 1628  ============================================================
19:02:47.0247 4368  ============================================================
19:02:47.0247 4368  Scan started
19:02:47.0247 4368  Mode: Manual; TDLFS;
19:02:47.0247 4368  ============================================================
19:02:47.0884 4368  ================ Scan system memory ========================
19:02:47.0884 4368  System memory - ok
19:02:47.0884 4368  ================ Scan services =============================
19:02:47.0984 4368  [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
19:02:47.0985 4368  !SASCORE - ok
19:02:48.0156 4368  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:02:48.0179 4368  1394ohci - ok
19:02:48.0211 4368  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:02:48.0216 4368  ACPI - ok
19:02:48.0230 4368  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:02:48.0231 4368  AcpiPmi - ok
19:02:48.0297 4368  [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:02:48.0298 4368  AdobeARMservice - ok
19:02:48.0333 4368  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:02:48.0359 4368  adp94xx - ok
19:02:48.0389 4368  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:02:48.0395 4368  adpahci - ok
19:02:48.0408 4368  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:02:48.0412 4368  adpu320 - ok
19:02:48.0435 4368  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:02:48.0437 4368  AeLookupSvc - ok
19:02:48.0492 4368  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
19:02:48.0494 4368  AESTFilters - ok
19:02:48.0532 4368  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:02:48.0540 4368  AFD - ok
19:02:48.0596 4368  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:02:48.0599 4368  agp440 - ok
19:02:48.0621 4368  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:02:48.0623 4368  ALG - ok
19:02:48.0642 4368  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:02:48.0664 4368  aliide - ok
19:02:48.0683 4368  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:02:48.0685 4368  amdide - ok
19:02:48.0707 4368  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:02:48.0709 4368  AmdK8 - ok
19:02:48.0721 4368  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:02:48.0724 4368  AmdPPM - ok
19:02:48.0751 4368  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:02:48.0753 4368  amdsata - ok
19:02:48.0781 4368  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:02:48.0785 4368  amdsbs - ok
19:02:48.0799 4368  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:02:48.0800 4368  amdxata - ok
19:02:48.0837 4368  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:02:48.0839 4368  AppID - ok
19:02:48.0867 4368  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:02:48.0869 4368  AppIDSvc - ok
19:02:48.0893 4368  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:02:48.0895 4368  Appinfo - ok
19:02:48.0933 4368  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:02:48.0934 4368  Apple Mobile Device - ok
19:02:48.0954 4368  [ 1B1A533F3BE2A540C8F58F14B2886A97 ] appliand        C:\Windows\system32\DRIVERS\appliand.sys
19:02:48.0956 4368  appliand - ok
19:02:48.0959 4368  [ 1B1A533F3BE2A540C8F58F14B2886A97 ] appliandMP      C:\Windows\system32\DRIVERS\appliand.sys
19:02:48.0960 4368  appliandMP - ok
19:02:48.0985 4368  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:02:48.0987 4368  arc - ok
19:02:49.0001 4368  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:02:49.0004 4368  arcsas - ok
19:02:49.0028 4368  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:02:49.0029 4368  AsyncMac - ok
19:02:49.0071 4368  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:02:49.0073 4368  atapi - ok
19:02:49.0101 4368  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:02:49.0110 4368  AudioEndpointBuilder - ok
19:02:49.0122 4368  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:02:49.0127 4368  AudioSrv - ok
19:02:49.0153 4368  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:02:49.0156 4368  AxInstSV - ok
19:02:49.0183 4368  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:02:49.0209 4368  b06bdrv - ok
19:02:49.0231 4368  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:02:49.0235 4368  b57nd60a - ok
19:02:49.0263 4368  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:02:49.0266 4368  BDESVC - ok
19:02:49.0276 4368  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:02:49.0277 4368  Beep - ok
19:02:49.0304 4368  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:02:49.0314 4368  BFE - ok
19:02:49.0479 4368  [ E92A3DA47BED7CC65D264235617ED46E ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20130322.001\BHDrvx64.sys
19:02:49.0490 4368  BHDrvx64 - ok
19:02:49.0535 4368  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:02:49.0548 4368  BITS - ok
19:02:49.0592 4368  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:02:49.0609 4368  blbdrive - ok
19:02:49.0651 4368  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:02:49.0655 4368  Bonjour Service - ok
19:02:49.0679 4368  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:02:49.0681 4368  bowser - ok
19:02:49.0702 4368  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:02:49.0704 4368  BrFiltLo - ok
19:02:49.0714 4368  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:02:49.0715 4368  BrFiltUp - ok
19:02:49.0735 4368  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
19:02:49.0737 4368  BridgeMP - ok
19:02:49.0758 4368  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:02:49.0760 4368  Browser - ok
19:02:49.0776 4368  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:02:49.0780 4368  Brserid - ok
19:02:49.0796 4368  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:02:49.0798 4368  BrSerWdm - ok
19:02:49.0812 4368  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:02:49.0813 4368  BrUsbMdm - ok
19:02:49.0824 4368  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:02:49.0825 4368  BrUsbSer - ok
19:02:49.0836 4368  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:02:49.0838 4368  BTHMODEM - ok
19:02:49.0865 4368  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:02:49.0887 4368  bthserv - ok
19:02:50.0082 4368  catchme - ok
19:02:50.0207 4368  [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys
19:02:50.0229 4368  ccSet_NIS - ok
19:02:50.0267 4368  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:02:50.0270 4368  cdfs - ok
19:02:50.0318 4368  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
19:02:50.0325 4368  cdrom - ok
19:02:50.0369 4368  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:02:50.0397 4368  CertPropSvc - ok
19:02:50.0435 4368  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:02:50.0437 4368  circlass - ok
19:02:50.0468 4368  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:02:50.0472 4368  CLFS - ok
19:02:50.0538 4368  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:02:50.0539 4368  clr_optimization_v2.0.50727_32 - ok
19:02:50.0571 4368  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:02:50.0572 4368  clr_optimization_v2.0.50727_64 - ok
19:02:50.0669 4368  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:02:50.0674 4368  clr_optimization_v4.0.30319_32 - ok
19:02:50.0711 4368  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:02:50.0713 4368  clr_optimization_v4.0.30319_64 - ok
19:02:50.0758 4368  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:02:50.0764 4368  CmBatt - ok
19:02:50.0806 4368  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:02:50.0810 4368  cmdide - ok
19:02:50.0920 4368  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
19:02:50.0927 4368  CNG - ok
19:02:50.0953 4368  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:02:50.0955 4368  Compbatt - ok
19:02:51.0042 4368  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:02:51.0044 4368  CompositeBus - ok
19:02:51.0047 4368  COMSysApp - ok
19:02:51.0070 4368  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:02:51.0072 4368  crcdisk - ok
19:02:51.0099 4368  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:02:51.0102 4368  CryptSvc - ok
19:02:51.0130 4368  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:02:51.0138 4368  DcomLaunch - ok
19:02:51.0168 4368  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:02:51.0190 4368  defragsvc - ok
19:02:51.0219 4368  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:02:51.0221 4368  DfsC - ok
19:02:51.0246 4368  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:02:51.0251 4368  Dhcp - ok
19:02:51.0275 4368  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:02:51.0276 4368  discache - ok
19:02:51.0295 4368  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:02:51.0297 4368  Disk - ok
19:02:51.0323 4368  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:02:51.0326 4368  Dnscache - ok
19:02:51.0349 4368  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:02:51.0353 4368  dot3svc - ok
19:02:51.0376 4368  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:02:51.0379 4368  DPS - ok
19:02:51.0412 4368  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:02:51.0413 4368  drmkaud - ok
19:02:51.0458 4368  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:02:51.0470 4368  DXGKrnl - ok
19:02:51.0492 4368  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:02:51.0494 4368  EapHost - ok
19:02:51.0567 4368  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:02:51.0597 4368  ebdrv - ok
19:02:51.0663 4368  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:02:51.0667 4368  eeCtrl - ok
19:02:51.0687 4368  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:02:51.0688 4368  EFS - ok
19:02:51.0736 4368  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:02:51.0743 4368  ehRecvr - ok
19:02:51.0766 4368  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:02:51.0768 4368  ehSched - ok
19:02:51.0804 4368  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:02:51.0811 4368  elxstor - ok
19:02:51.0835 4368  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:02:51.0836 4368  EraserUtilRebootDrv - ok
19:02:51.0860 4368  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:02:51.0861 4368  ErrDev - ok
19:02:51.0892 4368  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:02:51.0898 4368  EventSystem - ok
19:02:51.0922 4368  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:02:51.0925 4368  exfat - ok
19:02:51.0944 4368  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:02:51.0947 4368  fastfat - ok
19:02:51.0974 4368  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:02:51.0984 4368  Fax - ok
19:02:51.0997 4368  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:02:51.0999 4368  fdc - ok
19:02:52.0015 4368  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:02:52.0017 4368  fdPHost - ok
19:02:52.0030 4368  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:02:52.0032 4368  FDResPub - ok
19:02:52.0047 4368  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:02:52.0049 4368  FileInfo - ok
19:02:52.0070 4368  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:02:52.0071 4368  Filetrace - ok
19:02:52.0108 4368  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:02:52.0110 4368  flpydisk - ok
19:02:52.0122 4368  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:02:52.0126 4368  FltMgr - ok
19:02:52.0169 4368  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
19:02:52.0184 4368  FontCache - ok
19:02:52.0213 4368  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:02:52.0214 4368  FontCache3.0.0.0 - ok
19:02:52.0231 4368  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:02:52.0233 4368  FsDepends - ok
19:02:52.0252 4368  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:02:52.0253 4368  Fs_Rec - ok
19:02:52.0271 4368  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:02:52.0275 4368  fvevol - ok
19:02:52.0306 4368  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:02:52.0308 4368  gagp30kx - ok
19:02:52.0349 4368  [ D154305DE6090E6E84E525F84BB08A06 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
19:02:52.0352 4368  GameConsoleService - ok
19:02:52.0378 4368  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:02:52.0379 4368  GEARAspiWDM - ok
19:02:52.0413 4368  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:02:52.0424 4368  gpsvc - ok
19:02:52.0436 4368  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:02:52.0437 4368  hcw85cir - ok
19:02:52.0479 4368  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:02:52.0484 4368  HdAudAddService - ok
19:02:52.0538 4368  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:02:52.0539 4368  HDAudBus - ok
19:02:52.0573 4368  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:02:52.0592 4368  HidBatt - ok
19:02:52.0611 4368  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:02:52.0613 4368  HidBth - ok
19:02:52.0626 4368  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:02:52.0628 4368  HidIr - ok
19:02:52.0642 4368  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
19:02:52.0644 4368  hidserv - ok
19:02:52.0655 4368  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:02:52.0657 4368  HidUsb - ok
19:02:52.0682 4368  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:02:52.0684 4368  hkmsvc - ok
19:02:52.0708 4368  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:02:52.0711 4368  HomeGroupListener - ok
19:02:52.0728 4368  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:02:52.0731 4368  HomeGroupProvider - ok
19:02:52.0818 4368  [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
19:02:52.0819 4368  HP Support Assistant Service - ok
19:03:01.0418 4368  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:03:01.0421 4368  usbccgp - ok
19:03:01.0443 4368  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:03:01.0445 4368  usbcir - ok
19:03:01.0457 4368  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
19:03:01.0459 4368  usbehci - ok
19:03:01.0485 4368  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:03:01.0490 4368  usbhub - ok
19:03:01.0511 4368  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:03:01.0512 4368  usbohci - ok
19:03:01.0545 4368  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:03:01.0563 4368  usbprint - ok
19:03:01.0586 4368  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:03:01.0589 4368  USBSTOR - ok
19:03:01.0598 4368  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:03:01.0600 4368  usbuhci - ok
19:03:01.0617 4368  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:03:01.0620 4368  UxSms - ok
19:03:01.0629 4368  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:03:01.0630 4368  VaultSvc - ok
19:03:01.0647 4368  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:03:01.0649 4368  vdrvroot - ok
19:03:01.0677 4368  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:03:01.0702 4368  vds - ok
19:03:01.0729 4368  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:03:01.0745 4368  vga - ok
19:03:01.0763 4368  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:03:01.0764 4368  VgaSave - ok
19:03:01.0778 4368  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:03:01.0782 4368  vhdmp - ok
19:03:01.0798 4368  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:03:01.0799 4368  viaide - ok
19:03:01.0847 4368  [ A96AFA32F73C065B9AE9D1554CDD00FC ] vna_ap          C:\Windows\system32\DRIVERS\vnaap.sys
19:03:01.0849 4368  vna_ap - ok
19:03:01.0865 4368  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:03:01.0867 4368  volmgr - ok
19:03:01.0908 4368  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:03:01.0914 4368  volmgrx - ok
19:03:01.0939 4368  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:03:01.0944 4368  volsnap - ok
19:03:01.0947 4368  VPN-1 - ok
19:03:01.0975 4368  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:03:01.0978 4368  vsmraid - ok
19:03:02.0024 4368  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:03:02.0046 4368  VSS - ok
19:03:02.0061 4368  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:03:02.0062 4368  vwifibus - ok
19:03:02.0078 4368  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:03:02.0079 4368  vwififlt - ok
19:03:02.0089 4368  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:03:02.0091 4368  vwifimp - ok
19:03:02.0124 4368  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:03:02.0131 4368  W32Time - ok
19:03:02.0148 4368  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:03:02.0149 4368  WacomPen - ok
19:03:02.0186 4368  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:03:02.0188 4368  WANARP - ok
19:03:02.0192 4368  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:03:02.0193 4368  Wanarpv6 - ok
19:03:02.0289 4368  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:03:02.0306 4368  WatAdminSvc - ok
19:03:02.0340 4368  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:03:02.0355 4368  wbengine - ok
19:03:02.0381 4368  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:03:02.0385 4368  WbioSrvc - ok
19:03:02.0429 4368  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:03:02.0436 4368  wcncsvc - ok
19:03:02.0457 4368  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:03:02.0461 4368  WcsPlugInService - ok
19:03:02.0484 4368  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:03:02.0485 4368  Wd - ok
19:03:02.0511 4368  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:03:02.0520 4368  Wdf01000 - ok
19:03:02.0529 4368  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:03:02.0532 4368  WdiServiceHost - ok
19:03:02.0535 4368  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:03:02.0537 4368  WdiSystemHost - ok
19:03:02.0560 4368  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:03:02.0565 4368  WebClient - ok
19:03:02.0583 4368  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:03:02.0587 4368  Wecsvc - ok
19:03:02.0595 4368  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:03:02.0597 4368  wercplsupport - ok
19:03:02.0616 4368  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:03:02.0619 4368  WerSvc - ok
19:03:02.0637 4368  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:03:02.0651 4368  WfpLwf - ok
19:03:02.0668 4368  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:03:02.0670 4368  WIMMount - ok
19:03:02.0700 4368  WinDefend - ok
19:03:02.0704 4368  WinHttpAutoProxySvc - ok
19:03:02.0746 4368  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:03:02.0750 4368  Winmgmt - ok
19:03:02.0800 4368  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:03:02.0824 4368  WinRM - ok
19:03:02.0880 4368  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:03:02.0882 4368  WinUsb - ok
19:03:02.0910 4368  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:03:02.0923 4368  Wlansvc - ok
19:03:03.0006 4368  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:03:03.0031 4368  wlidsvc - ok
19:03:03.0051 4368  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:03:03.0052 4368  WmiAcpi - ok
19:03:03.0070 4368  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:03:03.0073 4368  wmiApSrv - ok
19:03:03.0088 4368  WMPNetworkSvc - ok
19:03:03.0107 4368  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:03:03.0127 4368  WPCSvc - ok
19:03:03.0151 4368  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:03:03.0155 4368  WPDBusEnum - ok
19:03:03.0173 4368  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:03:03.0174 4368  ws2ifsl - ok
19:03:03.0189 4368  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
19:03:03.0193 4368  wscsvc - ok
19:03:03.0196 4368  WSearch - ok
19:03:03.0254 4368  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:03:03.0293 4368  wuauserv - ok
19:03:03.0305 4368  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:03:03.0307 4368  WudfPf - ok
19:03:03.0327 4368  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:03:03.0329 4368  WUDFRd - ok
19:03:03.0338 4368  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:03:03.0340 4368  wudfsvc - ok
19:03:03.0358 4368  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:03:03.0362 4368  WwanSvc - ok
19:03:03.0372 4368  ================ Scan global ===============================
19:03:03.0387 4368  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:03:03.0409 4368  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:03:03.0415 4368  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:03:03.0431 4368  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:03:03.0441 4368  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:03:03.0445 4368  [Global] - ok
19:03:03.0445 4368  ================ Scan MBR ==================================
19:03:03.0447 4368  [ 1C4C532B11D0762E8E956327B3B25BAA ] \Device\Harddisk0\DR0
19:03:03.0447 4368  Suspicious mbr (Forged): \Device\Harddisk0\DR0
19:03:03.0480 4368  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:03:03.0480 4368  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:03:03.0535 4368  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:03:03.0535 4368  \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:03:03.0539 4368  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
19:03:03.0639 4368  \Device\Harddisk1\DR1 - ok
19:03:03.0647 4368  [ 8FF255184F078C9C04E6A2CE66117C5C ] \Device\Harddisk2\DR2
19:03:04.0123 4368  \Device\Harddisk2\DR2 - ok
19:03:04.0123 4368  ================ Scan VBR ==================================
19:03:04.0163 4368  [ 5A80CF0C9DF273E6DD0CF83BA1A300C3 ] \Device\Harddisk0\DR0\Partition1
19:03:04.0169 4368  \Device\Harddisk0\DR0\Partition1 - ok
19:03:04.0177 4368  [ 375E13346959F38AE8BA9D2F68346E41 ] \Device\Harddisk0\DR0\Partition2
19:03:04.0183 4368  \Device\Harddisk0\DR0\Partition2 - ok
19:03:04.0223 4368  [ 3BD5FD5019CFDCE9D0FE896BC1666BFC ] \Device\Harddisk0\DR0\Partition3
19:03:04.0255 4368  \Device\Harddisk0\DR0\Partition3 - ok
19:03:04.0258 4368  [ BC9898E5254AC7A02F4551E344C63B73 ] \Device\Harddisk1\DR1\Partition1
19:03:04.0261 4368  \Device\Harddisk1\DR1\Partition1 - ok
19:03:04.0264 4368  [ B65B750096BFC7C889B23E2D4E8B8E8F ] \Device\Harddisk2\DR2\Partition1
19:03:04.0265 4368  \Device\Harddisk2\DR2\Partition1 - ok
19:03:04.0266 4368  ============================================================
19:03:04.0266 4368  Scan finished
19:03:04.0266 4368  ============================================================
19:03:04.0274 1700  Detected object count: 2
19:03:04.0274 1700  Actual detected object count: 2
19:15:46.0425 1700  \Device\Harddisk0\DR0\# - copied to quarantine
19:15:46.0427 1700  \Device\Harddisk0\DR0 - copied to quarantine
19:15:46.0478 1700  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:15:46.0481 1700  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:15:46.0499 1700  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:15:46.0510 1700  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:15:46.0511 1700  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:15:46.0513 1700  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:15:46.0515 1700  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:15:46.0518 1700  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:15:46.0521 1700  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:15:46.0523 1700  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:15:46.0525 1700  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:15:46.0527 1700  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
19:15:46.0581 1700  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:15:46.0618 1700  \Device\Harddisk0\DR0 - ok
19:15:46.0880 1700  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
19:15:46.0880 1700  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:15:46.0880 1700  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:18:28.0930 5400  Deinitialize success
 

 

# AdwCleaner v2.115 - Logfile created 04/01/2013 at 19:21:44
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : John - JOHN-HP
# Boot Mode : Normal
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Users\John\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\muot6x6y.default\ConduitCommon

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (en-US)

File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\muot6x6y.default\prefs.js

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\muot6x6y.default\user.js ... Deleted !

-\\ Google Chrome v26.0.1410.43

File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [16530 octets] - [01/04/2013 19:21:44]

########## EOF - C:\AdwCleaner[S1].txt - [16591 octets] ##########

 

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\5cd41a3-217b08a2    Java/Exploit.Agent.NPT trojan    
C:\TDSSKiller_Quarantine\01.04.2013_19.02.05\mbr0000\tdlfs0000\tsk0001.dta    Win64/Olmarik.AM trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.04.2013_19.02.05\mbr0000\tdlfs0000\tsk0002.dta    a variant of Win32/Rootkit.Kryptik.TJ trojan    cleaned by deleting - quarantined
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Default\aadedggggegedigdgbdgdadbdeddddda\background.html    Win32/BHO.OEI trojan    cleaned by deleting - quarantined
C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\7aac5307-3baf21bb    a variant of Java/Exploit.Agent.NEO trojan    cleaned by deleting - quarantined
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\muot6x6y.default\extensions\ikrhcdeaev@ikrhcdeaev.org.xpi    JS/Redirector.NCA trojan    deleted (after the next restart) - quarantined
C:\Users\John\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab    Win32/OpenCandy application    deleted - quarantined
C:\Users\John\Desktop\Documents\cbsidlm-cbsi3_2_5_41-RealPlayer-10073040.exe    a variant of Win32/CNETInstaller.A application    cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\5cd41a3-217b08a2    Java/Exploit.Agent.NPT trojan    cleaned by deleting - quarantined
F:\My Docs\computer programs\AliveMP3Converter.exe    probably a variant of Win32/Spy.KeyLogger.HOIXCVB trojan    cleaned by deleting - quarantined
F:\My Docs\Site info\Smit\smitRem\Process.exe    Win32/PrcView application    cleaned by deleting - quarantined
F:\Swimming\2010-2011 Swim Season\Stuff\aTube_Catcher.exe    multiple threats    cleaned by deleting - quarantined
J:\funny\youtube\programs\MorpheusPhotoAnimationSuite-300.exe    Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
 

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.01.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
John :: JOHN-HP [administrator]

4/2/2013 4:27:16 AM
mbam-log-2013-04-02 (04-27-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220176
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
 

 

 


 



#5 boopme


Posted 02 April 2013 - 01:54 PM

Ok, it appears then that you have protected malware and we'll need stronger tools.

Please follow this Preparation Guide. Do steps 6, 7, 8 and post in a new topic.

Let me know if all went well.





