Firefox won't let me into Gmail - considered untrusted!


  • This topic is locked
26 replies to this topic

#1 RDN1


  • Members
  • 20 posts

Posted 21 September 2014 - 02:35 AM

Hi:

 

I must be infected with something strong. I get an error when I try to get into Gmail, and Malwarebytes won't even run.

 

DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.67.2
Run by Family at 0:27:37 on 2014-09-21
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.12279.8981 [GMT -7:00]
.
AV: Norton AntiVirus Online *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Norton AntiVirus Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\SysWOW64\afasrv64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\CardIcon\iconcs50611310.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Family\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Search Extensions\Client.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyServer = hxxp=127.0.0.1:51253;https=127.0.0.1:51253
uProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Google+ Auto Backup] "C:\Users\Family\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
uRun: [AC96096499AAD424A6FF707AC333F10C57B3F0E7._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uRun: [Amazon Music] "C:\Users\Family\AppData\Local\Amazon Music\Amazon Music Helper.exe"
uRun: [Google Update] "C:\Users\Family\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [QwestTouchPointAgent] "C:\Program Files (x86)\Qwest\Desktop\QwestTouchPointAgent.exe" /autostart
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [USBestCR] C:\Program Files (x86)\cardicon\iconcs50611310.exe RunFromReg
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [CenturyLinkTouchPointAgent] "C:\Program Files (x86)\Qwest\Desktop\CenturyLinkTouchPointAgent.exe" /autostart
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: Interfaces\{AFDCD982-CED8-44BE-800E-95521054CCE8} : DHCPNameServer = 192.168.0.1 205.171.3.25
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Notify: SDWinLogon - SDWinLogon.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [USBestCR] C:\Program Files (x86)\cardicon\iconcs50611310.exe RunFromReg
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\
FF - prefs.js: browser.search.selectedEngine - WSE Rocket
FF - prefs.js: browser.startup.homepage - hxxp://www.wsdot.com/traffic/seattle/default.aspx
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Family\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Family\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll
FF - plugin: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Users\Family\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Family\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
FF - plugin: L:\Family\Jenna's stuff\Fun Stuff\Picasa3\npPicasa3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.nspdlrckt.aflt - rckt_md_14_30_ff
FF - user.js: extensions.nspdlrckt.instlRef - 142905_b
FF - user.js: extensions.nspdlrckt.cr - 466389620
FF - user.js: extensions.nspdlrckt.cd - 2XzuyEtN2Y1L1QzuyB0AyBzytCzy0D0D0EyByCtC0F0EtBtBtN0D0Tzu0SzytAyCtN1L2XzutAtFtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzzyCtCtAtAtB0AtG0DtAtA0FtGzztB0E0FtGtA0BtD0FtGtAtC0F0AtDzzyEzz0EtD0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtAtAtD0B0E0DyBtG0D0B0C0BtGyE0AzztBtG0ByB0CyCtGyByEtByC0CtDyEyBtByCtA0E2Q
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1404000.028\symds64.sys [2013-7-8 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1404000.028\symefa64.sys [2013-7-8 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [2014-9-12 1586904]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1404000.028\ccsetx64.sys [2013-7-8 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20140919.001\IDSviA64.sys [2014-9-19 633560]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1404000.028\ironx64.sys [2013-7-8 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1404000.028\symnets.sys [2013-7-8 433752]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-5-23 172344]
R2 AfaService;Afa Card Reader Service;C:\Windows\System32\afasrv64.exe --> C:\Windows\System32\afasrv64.exe [?]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-11-20 21992]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-9-25 189736]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-9-4 2525008]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2012-12-20 14952]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-8-8 377616]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe [2013-7-8 144368]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-6-10 1033688]
R2 sprtlisten;SupportSoft Listener Service;C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-9-12 383264]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-9 142640]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-12 1809720]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-6-10 1817560]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-6-10 171928]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-10 111616]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-12 122584]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-15 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-10 1255736]
.
=============== Created Last 30 ================
.
2014-09-19 00:23:33    93808    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-09-11 04:56:00    2777088    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2014-09-11 04:56:00    2285056    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-10 14:15:34    793600    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 14:15:34    1031168    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-09-10 14:15:12    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-09-10 14:15:12    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-09-10 14:14:51    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-09-10 14:14:51    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-09-10 14:14:51    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-09-10 14:14:51    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-09-10 14:14:51    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-09-10 14:14:47    578048    ----a-w-    C:\Windows\System32\aepdu.dll
2014-09-10 14:14:47    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-09-07 21:20:51    --------    d-----w-    C:\Users\Family\AppData\Local\Amazon Music
2014-09-05 02:14:27    --------    d-----w-    C:\Program Files (x86)\LogMeIn Hamachi
2014-09-04 12:50:16    188304    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-08-28 15:51:05    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-28 15:51:05    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-28 15:51:05    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-23 21:17:52    --------    d-----w-    C:\SUPERDelete
.
==================== Find3M  ====================
.
2014-09-18 21:24:45    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-09 22:30:19    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-09 22:30:19    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-09 22:30:11    10036224    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-08-18 22:29:49    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53    5833728    ----a-w-    C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34    547328    ----a-w-    C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55    4232704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17    2104832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13    2310656    ----a-w-    C:\Windows\System32\wininet.dll
2014-08-18 21:08:54    2014208    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48    1812992    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-08-06 21:10:22    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 09:35:46    875688    ----a-w-    C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 06:47:06    869544    ----a-w-    C:\Windows\System32\msvcr120_clr0400.dll
2014-07-16 03:23:41    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-07-16 02:46:02    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23    7168    ----a-w-    C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22    7168    ----a-w-    C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42    7168    ----a-w-    C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41    6656    ----a-w-    C:\Windows\SysWow64\KBDBASH.DLL
2014-06-30 22:24:50    8856    ----a-w-    C:\Windows\System32\icardres.dll
2014-06-30 22:14:53    8856    ----a-w-    C:\Windows\SysWow64\icardres.dll
.
============= FINISH:  0:27:52.95 ===============
 

 


 

 

Thanks in advance!

 

Regards,

 

Ron Nelson


#2 TB-Psychotic


  • Malware Response Team
  • 6,349 posts

Posted 22 September 2014 - 06:42 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 



#3 RDN1

  • Topic Starter

  • Members
  • 20 posts

Posted 22 September 2014 - 10:25 AM

Marius:

 

Thank you for your reply.

 

I ran FRST with these results:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Family (administrator) on FAMILY-PC on 22-09-2014 07:48:09
Running from C:\Users\Family\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\SysWOW64\afasrv64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Program Files (x86)\CardIcon\iconcs50611310.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Family\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Seagate LLC) C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Search Extensions\uninstall.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [USBestCR] => C:\Program Files (x86)\cardicon\iconcs50611310.exe [7373824 2011-04-21] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [QwestTouchPointAgent] => "C:\Program Files (x86)\Qwest\Desktop\QwestTouchPointAgent.exe" /autostart
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [CarboniteSetupLite] => C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe [318096 2009-08-04] (Carbonite, Inc.)
HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC)
HKLM-x32\...\Run: [USBestCR] => C:\Program Files (x86)\cardicon\iconcs50611310.exe [7373824 2011-04-21] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [CenturyLinkTouchPointAgent] => "C:\Program Files (x86)\Qwest\Desktop\CenturyLinkTouchPointAgent.exe" /autostart
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2240978667-2139091308-1655266104-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-2240978667-2139091308-1655266104-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1813928 2013-10-08] (Valve Corporation)
HKU\S-1-5-21-2240978667-2139091308-1655266104-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7763736 2014-09-17] (SUPERAntiSpyware)
HKU\S-1-5-21-2240978667-2139091308-1655266104-1000\...\Run: [Google+ Auto Backup] => C:\Users\Family\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3746120 2014-08-12] (Google Inc.)
HKU\S-1-5-21-2240978667-2139091308-1655266104-1000\...\Run: [AC96096499AAD424A6FF707AC333F10C57B3F0E7._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-03] (Google Inc.)
HKU\S-1-5-21-2240978667-2139091308-1655266104-1000\...\Run: [Amazon Music] => C:\Users\Family\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-2240978667-2139091308-1655266104-1000\...\Run: [Google Update] => C:\Users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-17] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49170;https=127.0.0.1:49170
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x957F2C8BBA5ACD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_md_14_30_ff&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0D0D0EyByCtC0F0EtBtBtN0D0Tzu0SzytAyCtN1L2XzutAtFtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzzyCtCtAtAtB0AtG0DtAtA0FtGzztB0E0FtGtA0BtD0FtGtAtC0F0AtDzzyEzz0EtD0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtAtAtD0B0E0DyBtG0D0B0C0BtGyE0AzztBtG0ByB0CyCtGyByEtByC0CtDyEyBtByCtA0E2Q&cr=466389620&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_md_14_30_ff&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0D0D0EyByCtC0F0EtBtBtN0D0Tzu0SzytAyCtN1L2XzutAtFtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzzyCtCtAtAtB0AtG0DtAtA0FtGzztB0E0FtGtA0BtD0FtGtAtC0F0AtDzzyEzz0EtD0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtAtAtD0B0E0DyBtG0D0B0C0BtGyE0AzztBtG0ByB0CyCtGyByEtByC0CtDyEyBtByCtA0E2Q&cr=466389620&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_md_14_30_ff&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0D0D0EyByCtC0F0EtBtBtN0D0Tzu0SzytAyCtN1L2XzutAtFtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzzyCtCtAtAtB0AtG0DtAtA0FtGzztB0E0FtGtA0BtD0FtGtAtC0F0AtDzzyEzz0EtD0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtAtAtD0B0E0DyBtG0D0B0C0BtGyE0AzztBtG0ByB0CyCtGyByEtByC0CtDyEyBtByCtA0E2Q&cr=466389620&ir=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: PodcastBHO Class -> {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} -> C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

FireFox:
========
FF ProfilePath: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default
FF DefaultSearchEngine: WSE Rocket
FF SelectedSearchEngine: WSE Rocket
FF Homepage: hxxp://www.wsdot.com/traffic/seattle/default.aspx
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> L:\Family\Jenna's stuff\Fun Stuff\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Family\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Family\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Family\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Family\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Family\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\lqntaf26.Darlene\user.js
FF user.js: detected! => C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\klypnjdj.Jenna\user.js
FF user.js: detected! => C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\user.js
FF user.js: detected! => C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\tvn6xr5d.Mark\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Family\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Family\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\searchplugins\searchplugins-backup
FF Extension: Forecastfox - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\lqntaf26.Darlene\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-10-08]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\lqntaf26.Darlene\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-04-09]
FF Extension: AnyColor - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\klypnjdj.Jenna\Extensions\anycolor.pavlos256@gmail.com [2011-04-09]
FF Extension: ColorfulTabs - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\klypnjdj.Jenna\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-08-28]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\klypnjdj.Jenna\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-04-09]
FF Extension: ColorZilla - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\klypnjdj.Jenna\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012-07-31]
FF Extension: <![CDATA[1-ClickWeather]]> - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\klypnjdj.Jenna\Extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03} [2011-04-09]
FF Extension: Personas Plus - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\klypnjdj.Jenna\Extensions\personas@christopher.beard.xpi [2011-04-09]
FF Extension: Rainbow - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\klypnjdj.Jenna\Extensions\rainbow@colors.org.xpi [2011-04-09]
FF Extension: Integrated Inbox for Gmail &amp; Google Apps - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\klypnjdj.Jenna\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi [2011-04-09]
FF Extension: Theme Font &amp; Size Changer - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\klypnjdj.Jenna\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2014-07-23]
FF Extension: Разпознаване на устройство Logitech - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\Extensions\DeviceDetection@logitech.com [2012-02-14]
FF Extension: Forecastfox - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013-06-12]
FF Extension: Personas Plus - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\Extensions\personas@christopher.beard.xpi [2013-02-28]
FF Extension: ArcadeYum - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\tvn6xr5d.Mark\Extensions\{C7928956-827D-4649-A234-BB758377C005}.xpi [2014-07-25]
FF Extension: No Name - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\tvn6xr5d.Mark\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-09-18]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-18]

Chrome: 
=======
CHR HomePage: Profile 1 -> F2500A9B3DC8B08C1080DEA1874365AB78E45412ED2E92BAA2663E713A5C7255
CHR DefaultSearchKeyword: Profile 1 -> B2F95D1D564B7677904ECEDD562DAE0FE85145F74964BA364D2E8DCDA3D041A8
CHR DefaultSearchProvider: Profile 1 -> 463B0744B594E3D369A07D3A25B2FE94F32314D7CA6EAB5005ECDC1A675EBB2F
CHR DefaultSearchURL: Profile 1 -> 046CA02947E478EB223362FE34F45B4FB2C2991D2D52356EB1E138A5BA47605A
CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-03]
CHR Extension: (Google Drive) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-03]
CHR Extension: (YouTube) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-03]
CHR Extension: (Google Search) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-03]
CHR Extension: (Skype Click to Call) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-03]
CHR Extension: (Google Wallet) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-03]
CHR Extension: (Gmail) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-14] (SUPERAntiSpyware.com)
R2 AfaService; C:\Windows\SysWOW64\afasrv64.exe [73728 2011-04-21] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 sprtlisten; C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe [1213728 2008-01-08] (SupportSoft, Inc.)
S3 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [394608 2008-01-08] (SupportSoft, Inc.)
R3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20140919.001\IDSvia64.sys [633560 2014-08-27] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-18] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20140920.001\ENG64.SYS [129752 2014-09-19] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20140920.001\EX64.SYS [2137304 2014-09-19] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TFSysMon; system32\drivers\TfSysMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 07:48 - 2014-09-22 07:48 - 00027672 _____ () C:\Users\Family\Downloads\FRST.txt
2014-09-22 07:46 - 2014-09-22 07:47 - 02105856 _____ (Farbar) C:\Users\Family\Downloads\FRST64.exe
2014-09-21 00:27 - 2014-09-21 00:27 - 00001163 _____ () C:\Users\Family\Desktop\attach.txt
2014-09-21 00:26 - 2014-09-21 00:26 - 00688992 ____R (Swearware) C:\Users\Family\Downloads\dds.com
2014-09-20 23:47 - 2014-09-21 00:15 - 05578824 _____ (Swearware) C:\Users\Family\Downloads\ComboFix.exe
2014-09-20 21:19 - 2014-09-20 21:19 - 00000000 ____D () C:\Users\Family\AppData\Roaming\WinRAR
2014-09-20 21:18 - 2014-09-20 21:18 - 01745176 _____ () C:\Users\Family\AppData\Local\WinRarSetup.exe
2014-09-20 21:18 - 2014-09-20 21:18 - 01224123 _____ () C:\Users\Family\AppData\Local\Malware360Installer.exe
2014-09-20 21:18 - 2014-09-20 21:18 - 00004160 _____ () C:\Windows\System32\Tasks\RocketTab Update Task
2014-09-20 21:18 - 2014-09-20 21:18 - 00003374 _____ () C:\Windows\System32\Tasks\RocketTab
2014-09-20 21:18 - 2014-09-20 21:18 - 00003280 _____ () C:\Windows\System32\Tasks\Malware Protection 360
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Users\Family\AppData\Roaming\Linkey
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files\ShopperPro
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files\Settings Manager
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files\SearchProtect
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files\Linkey
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files\Common Files\Goobzo
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files (x86)\ShopperPro
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files (x86)\Settings Manager
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files (x86)\SearchProtect
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files (x86)\Linkey
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-09-20 21:17 - 2014-09-20 21:17 - 00114528 _____ () C:\Users\Family\Downloads\WinRarSetup.exe
2014-09-19 15:01 - 2014-09-19 15:01 - 00818111 _____ () C:\Users\Family\Downloads\OptiFine_1.7.10_HD_U_A4.jar
2014-09-19 14:53 - 2014-09-19 14:54 - 31716069 _____ () C:\Users\Family\Downloads\Invictus-2.0.zip
2014-09-19 14:41 - 2014-09-19 14:42 - 41790300 _____ () C:\Users\Family\Downloads\Invictus-1.0-Shader.zip
2014-09-18 17:23 - 2014-09-18 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-18 17:04 - 2014-09-18 17:04 - 00282856 _____ () C:\Windows\Minidump\091814-35131-01.dmp
2014-09-18 14:36 - 2014-09-18 17:04 - 495311463 _____ () C:\Windows\MEMORY.DMP
2014-09-18 14:36 - 2014-09-18 14:36 - 00283336 _____ () C:\Windows\Minidump\091814-45536-01.dmp
2014-09-17 16:53 - 2014-09-20 23:58 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2240978667-2139091308-1655266104-1000UA.job
2014-09-17 16:53 - 2014-09-20 16:58 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2240978667-2139091308-1655266104-1000Core.job
2014-09-17 16:53 - 2014-09-17 16:53 - 00895120 _____ (Google Inc.) C:\Users\Family\Downloads\GoogleVoiceAndVideoSetup.exe
2014-09-17 16:53 - 2014-09-17 16:53 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2240978667-2139091308-1655266104-1000UA
2014-09-17 16:53 - 2014-09-17 16:53 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2240978667-2139091308-1655266104-1000Core
2014-09-16 14:07 - 2014-09-16 14:07 - 02350021 _____ () C:\Users\Family\Downloads\mcpatcher-4.3.2_03.exe
2014-09-13 14:43 - 2014-09-13 14:43 - 00791895 _____ () C:\Users\Family\Downloads\OptiFine_1.7.10_HD_A4(1).jar
2014-09-13 14:42 - 2014-09-13 14:43 - 02995669 _____ () C:\Users\Family\Downloads\forge-1.7.10-10.13.0.1180-installer.jar
2014-09-13 14:38 - 2014-09-13 14:38 - 28271084 _____ () C:\Users\Family\Downloads\Soartex_Fanver.zip
2014-09-13 14:37 - 2014-09-13 14:37 - 02881197 _____ () C:\Users\Family\Downloads\Soartex-Patcher-2.4.jar
2014-09-10 22:06 - 2014-08-19 11:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 22:06 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 22:06 - 2014-08-18 16:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 22:06 - 2014-08-18 15:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 22:06 - 2014-08-18 15:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 22:06 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 22:06 - 2014-08-18 15:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 22:06 - 2014-08-18 15:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 22:06 - 2014-08-18 15:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 22:06 - 2014-08-18 15:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 22:06 - 2014-08-18 15:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 22:06 - 2014-08-18 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 22:06 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 22:06 - 2014-08-18 15:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 22:06 - 2014-08-18 15:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 22:06 - 2014-08-18 15:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 22:06 - 2014-08-18 15:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 22:06 - 2014-08-18 15:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 22:06 - 2014-08-18 15:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 22:06 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 22:06 - 2014-08-18 14:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 22:06 - 2014-08-18 14:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 22:06 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 22:06 - 2014-08-18 14:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 22:06 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 22:06 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 22:06 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 22:06 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 22:06 - 2014-08-18 14:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 22:06 - 2014-08-18 14:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 22:06 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 22:06 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 22:06 - 2014-08-18 14:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 22:06 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 22:06 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 22:06 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 22:06 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 22:06 - 2014-08-18 14:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 22:06 - 2014-08-18 14:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 22:06 - 2014-08-18 14:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 22:06 - 2014-08-18 14:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 22:06 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 22:06 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 22:06 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 22:06 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 22:06 - 2014-08-18 14:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 22:06 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 22:06 - 2014-08-18 14:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 22:06 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 22:06 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 22:06 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 22:06 - 2014-08-18 13:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 22:06 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 22:06 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 22:06 - 2014-08-18 13:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 22:06 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 21:56 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 21:56 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 07:15 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 07:15 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 07:15 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 07:15 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 07:14 - 2014-09-04 19:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 07:14 - 2014-09-04 19:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 07:14 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 07:14 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 07:14 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 07:14 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 07:14 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-07 14:21 - 2014-09-07 14:21 - 00001095 _____ () C:\Users\Family\Desktop\Amazon Music.lnk
2014-09-07 14:19 - 2014-09-07 14:20 - 38603216 _____ (Amazon) C:\Users\Family\Downloads\AmazonMusicInstaller.exe
2014-09-04 19:14 - 2014-09-04 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-04 19:14 - 2014-09-04 19:14 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-08-28 08:51 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 08:51 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 08:51 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 12:07 - 2014-08-27 12:13 - 00065536 _____ () C:\Users\Family\Downloads\Aquamarine.sav
2014-08-27 12:05 - 2014-08-27 12:05 - 16777216 _____ () C:\Users\Family\Downloads\Aquamarine.gba
2014-08-27 12:04 - 2014-08-27 12:13 - 00002058 _____ () C:\Users\Family\Downloads\vba.ini
2014-08-27 12:04 - 2014-08-27 12:04 - 01974352 _____ (None) C:\Users\Family\Downloads\VisualBoyAdvance.exe
2014-08-23 14:17 - 2014-08-23 14:17 - 00000000 ____D () C:\SUPERDelete

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 07:49 - 2014-09-22 07:48 - 00027672 _____ () C:\Users\Family\Downloads\FRST.txt
2014-09-22 07:49 - 2013-12-16 13:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-22 07:48 - 2013-06-12 20:33 - 00000000 ____D () C:\FRST
2014-09-22 07:47 - 2014-09-22 07:46 - 02105856 _____ (Farbar) C:\Users\Family\Downloads\FRST64.exe
2014-09-22 07:45 - 2009-07-13 21:45 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 07:45 - 2009-07-13 21:45 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 07:44 - 2013-06-07 13:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-22 07:41 - 2012-01-03 15:16 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1C547016-EB69-4F9A-9EA2-E7315464B516}
2014-09-22 07:39 - 2013-06-10 22:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-22 07:38 - 2013-12-16 13:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 07:38 - 2013-11-30 13:46 - 00000000 ____D () C:\Users\Family\AppData\Local\LogMeIn Hamachi
2014-09-22 07:38 - 2013-11-29 23:22 - 00025668 _____ () C:\Windows\setupact.log
2014-09-22 07:38 - 2011-04-10 00:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-22 07:38 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-22 07:37 - 2013-11-29 23:22 - 00133872 _____ () C:\Windows\PFRO.log
2014-09-21 00:37 - 2011-04-09 15:28 - 01124657 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 00:30 - 2012-04-03 16:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-21 00:27 - 2014-09-21 00:27 - 00001163 _____ () C:\Users\Family\Desktop\attach.txt
2014-09-21 00:27 - 2013-06-11 10:32 - 00021992 _____ () C:\Users\Family\Desktop\dds.txt
2014-09-21 00:26 - 2014-09-21 00:26 - 00688992 ____R (Swearware) C:\Users\Family\Downloads\dds.com
2014-09-21 00:15 - 2014-09-20 23:47 - 05578824 _____ (Swearware) C:\Users\Family\Downloads\ComboFix.exe
2014-09-21 00:14 - 2013-11-15 15:48 - 00000000 ____D () C:\Users\Family\AppData\Local\CrashDumps
2014-09-20 23:58 - 2014-09-17 16:53 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2240978667-2139091308-1655266104-1000UA.job
2014-09-20 23:53 - 2013-06-10 23:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-20 21:27 - 2012-07-30 08:29 - 00000000 ____D () C:\Users\Family\AppData\Roaming\.minecraft
2014-09-20 21:19 - 2014-09-20 21:19 - 00000000 ____D () C:\Users\Family\AppData\Roaming\WinRAR
2014-09-20 21:18 - 2014-09-20 21:18 - 01745176 _____ () C:\Users\Family\AppData\Local\WinRarSetup.exe
2014-09-20 21:18 - 2014-09-20 21:18 - 01224123 _____ () C:\Users\Family\AppData\Local\Malware360Installer.exe
2014-09-20 21:18 - 2014-09-20 21:18 - 00004160 _____ () C:\Windows\System32\Tasks\RocketTab Update Task
2014-09-20 21:18 - 2014-09-20 21:18 - 00003374 _____ () C:\Windows\System32\Tasks\RocketTab
2014-09-20 21:18 - 2014-09-20 21:18 - 00003280 _____ () C:\Windows\System32\Tasks\Malware Protection 360
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Users\Family\AppData\Roaming\Linkey
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files\ShopperPro
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files\Settings Manager
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files\SearchProtect
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files\Linkey
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files\Common Files\Goobzo
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files (x86)\ShopperPro
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files (x86)\Settings Manager
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files (x86)\SearchProtect
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files (x86)\Linkey
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-09-20 21:17 - 2014-09-20 21:17 - 00114528 _____ () C:\Users\Family\Downloads\WinRarSetup.exe
2014-09-20 16:58 - 2014-09-17 16:53 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2240978667-2139091308-1655266104-1000Core.job
2014-09-19 15:01 - 2014-09-19 15:01 - 00818111 _____ () C:\Users\Family\Downloads\OptiFine_1.7.10_HD_U_A4.jar
2014-09-19 14:54 - 2014-09-19 14:53 - 31716069 _____ () C:\Users\Family\Downloads\Invictus-2.0.zip
2014-09-19 14:42 - 2014-09-19 14:41 - 41790300 _____ () C:\Users\Family\Downloads\Invictus-1.0-Shader.zip
2014-09-19 11:10 - 2012-04-25 20:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-18 17:23 - 2014-09-18 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-18 17:04 - 2014-09-18 17:04 - 00282856 _____ () C:\Windows\Minidump\091814-35131-01.dmp
2014-09-18 17:04 - 2014-09-18 14:36 - 495311463 _____ () C:\Windows\MEMORY.DMP
2014-09-18 17:04 - 2011-06-27 10:42 - 00000000 ____D () C:\Windows\Minidump
2014-09-18 14:36 - 2014-09-18 14:36 - 00283336 _____ () C:\Windows\Minidump\091814-45536-01.dmp
2014-09-18 14:24 - 2014-04-12 23:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 22:40 - 2011-06-18 09:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-17 17:43 - 2014-03-08 20:07 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Skype
2014-09-17 16:58 - 2014-01-07 19:50 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-09-17 16:54 - 2012-07-30 13:38 - 00000000 ____D () C:\Users\Family\AppData\Local\Google
2014-09-17 16:54 - 2011-04-09 16:38 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Mozilla
2014-09-17 16:53 - 2014-09-17 16:53 - 00895120 _____ (Google Inc.) C:\Users\Family\Downloads\GoogleVoiceAndVideoSetup.exe
2014-09-17 16:53 - 2014-09-17 16:53 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2240978667-2139091308-1655266104-1000UA
2014-09-17 16:53 - 2014-09-17 16:53 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2240978667-2139091308-1655266104-1000Core
2014-09-16 14:07 - 2014-09-16 14:07 - 02350021 _____ () C:\Users\Family\Downloads\mcpatcher-4.3.2_03.exe
2014-09-13 14:43 - 2014-09-13 14:43 - 00791895 _____ () C:\Users\Family\Downloads\OptiFine_1.7.10_HD_A4(1).jar
2014-09-13 14:43 - 2014-09-13 14:42 - 02995669 _____ () C:\Users\Family\Downloads\forge-1.7.10-10.13.0.1180-installer.jar
2014-09-13 14:38 - 2014-09-13 14:38 - 28271084 _____ () C:\Users\Family\Downloads\Soartex_Fanver.zip
2014-09-13 14:37 - 2014-09-13 14:37 - 02881197 _____ () C:\Users\Family\Downloads\Soartex-Patcher-2.4.jar
2014-09-11 08:45 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-09-10 22:12 - 2011-04-10 12:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 22:04 - 2013-12-10 22:18 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 22:04 - 2009-07-13 22:13 - 00774632 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 22:03 - 2013-07-10 23:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 21:56 - 2011-04-10 09:38 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 21:55 - 2014-04-29 22:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 15:30 - 2014-07-08 21:30 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-09 15:30 - 2012-04-03 16:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 15:30 - 2012-04-03 16:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 15:30 - 2011-05-16 15:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-07 14:21 - 2014-09-07 14:21 - 00001095 _____ () C:\Users\Family\Desktop\Amazon Music.lnk
2014-09-07 14:20 - 2014-09-07 14:19 - 38603216 _____ (Amazon) C:\Users\Family\Downloads\AmazonMusicInstaller.exe
2014-09-06 18:47 - 2014-03-08 20:07 - 00000000 ____D () C:\ProgramData\Skype
2014-09-04 19:37 - 2014-06-19 13:37 - 00000000 ____D () C:\Users\Family\AppData\Local\Adobe
2014-09-04 19:14 - 2014-09-04 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-04 19:14 - 2014-09-04 19:14 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-04 19:10 - 2014-09-10 07:14 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 19:05 - 2014-09-10 07:14 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-29 06:54 - 2009-07-13 21:45 - 00478528 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 12:13 - 2014-08-27 12:07 - 00065536 _____ () C:\Users\Family\Downloads\Aquamarine.sav
2014-08-27 12:13 - 2014-08-27 12:04 - 00002058 _____ () C:\Users\Family\Downloads\vba.ini
2014-08-27 12:05 - 2014-08-27 12:05 - 16777216 _____ () C:\Users\Family\Downloads\Aquamarine.gba
2014-08-27 12:04 - 2014-08-27 12:04 - 01974352 _____ (None) C:\Users\Family\Downloads\VisualBoyAdvance.exe
2014-08-23 14:17 - 2014-08-23 14:17 - 00000000 ____D () C:\SUPERDelete
2014-08-23 14:17 - 2012-08-11 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

Some content of TEMP:
====================
C:\Users\Family\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Family\AppData\Local\Temp\System.Data.SQLite67392.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 09:59

==================== End Of Log ============================

When I tried to run GMER.exe, it started okay, but part way through the computer crashed and gave me a blue screen with a bunch of errors. I restarted the computer, but it seems to start slower now. I did not try to run GMER.exe a second time, and I did not then try to run TDSS.

Please let me know what you want me to do next.

Regards,

Ron Nelson



#4 TB-Psychotic

  • Malware Response Team

Posted 23 September 2014 - 07:32 AM

Please post up the addition.txt by FRST as well.

Try to run Gmer again. If it fails, skip it and proceed with TDSS-Killer.

If it works, post both logs.



#5 RDN1

  • Topic Starter


Posted 23 September 2014 - 09:42 AM

Thanks, here is the Addition.txt file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by Family at 2014-09-23 06:51:35
Running from C:\Users\Family\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton AntiVirus Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton AntiVirus Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Amazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Carbonite Online Backup Setup (HKLM-x32\...\Carbonite Setup Lite) (Version: 3.8.0 - Carbonite Inc.)
Card Icon Program 1.7.0.0 (HKLM-x32\...\Card Icon Program_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
CenturyLink Installer (HKLM-x32\...\{C96FF998-45BD-411E-9253-B7F2660FE280}) (Version: 1.0 - CenturyLink, Inc.)
CPUID HWMonitor 1.18 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DolbyFiles (x32 Version: 0.1 - Nero AG) Hidden
doubleTwist (HKLM-x32\...\doubleTwist) (Version: 3.2.2.17028 - doubleTwist Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
File Extractor (HKLM-x32\...\Tweaks File Extractor) (Version: 1.1.1 - Tweaks) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java(TM) 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Menu Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Movie Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 11.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 11.0.1 (x86 en-US)) (Version: 11.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{48e30cd9-86be-4b02-b100-0b903ad38981}) (Version:  - Nero AG)
Nero BurnRights (x32 Version: 3.4.11.100 - Nero AG) Hidden
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 4.4.9.100 - Nero AG) Hidden
Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.11.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.11.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.6.2.101 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.11.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.0.100 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.12.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.12.100 - Nero AG) Hidden
Nero Vision (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero Vision Help (x32 Version: 6.4.8.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.17.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 20.4.0.40 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Control Panel 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5856 - NVIDIA Corporation)
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
PFPortChecker 1.0.39 (HKLM-x32\...\PFPortChecker) (Version: 1.0.39 - Portforward.com)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Qwest QuickAssist Desktop Tools (HKLM-x32\...\{A63E18AC-B504-4045-AFE6-A279BBABB988}) (Version: 23 - SupportSoft)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RocketTab (HKLM-x32\...\RocketTab) (Version:  - RocketTab) <==== ATTENTION
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
Seagate Manager Installer (x32 Version: 2.01.0600 - Seagate) Hidden
SereneScreen Marine Aquarium 2.6 (HKLM-x32\...\SereneScreen Marine Aquarium 2.6 & LifeGlobe Gol~BB92B863_is1) (Version: 2 - Prolific Publishing, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.19 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.4227 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0483 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0214 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (x32 Version: 010.000.0157 - Intuit Inc.) Hidden
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2999 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0474 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0214 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (x32 Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2083 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WSE Rocket (HKLM-x32\...\WSE Rocket) (Version:  - WSE Rocket) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2240978667-2139091308-1655266104-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Family\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2240978667-2139091308-1655266104-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Family\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

11-09-2014 04:55:04 Windows Update
20-09-2014 16:36:32 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2013-06-17 21:40 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05BAD1B6-56E1-4C84-9188-0B81324BB101} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-09-20] () <==== ATTENTION
Task: {069F2481-26FE-41D0-AF5E-A25BA958BD73} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-16] (Google Inc.)
Task: {08945961-3741-4DA2-9F46-0F73B05EA007} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-16] (Google Inc.)
Task: {0C34F026-27F2-4976-A661-E534BB60945E} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {0DA871F4-EDAA-4847-A9E4-E726A3E25C32} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {1D98B6C0-21CA-4DE2-8A68-2770F2DF5C61} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {47331E35-C828-4418-959C-715CD2D08D21} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2240978667-2139091308-1655266104-1000Core => C:\Users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-17] (Google Inc.)
Task: {4E81943F-213B-4C95-884F-0FC0FFE64374} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {56EA9A92-56E0-40C8-B59C-D00FF39FB538} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5F6BA59F-7AB5-4B66-9739-75A5F29C61B7} - System32\Tasks\Malware Protection 360 => C:\Program Files (x86)\MalwareProtection360\MalwareProtection360\malwareprotection360.exe
Task: {5F94E677-AE57-4C17-AA63-A2BD14313AED} - \RegClean Pro No Task File <==== ATTENTION
Task: {6FBFEEB2-5F26-4874-8DE9-095887DCA1A2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2240978667-2139091308-1655266104-1000UA => C:\Users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-17] (Google Inc.)
Task: {72EAC4B9-27E4-42A4-BB51-483E87801DF5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {9CDC665E-A39A-484D-BE65-D6D964DAB9FB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {A1AC4514-4A38-450E-ACA8-4729D28027E6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {A1DBC3EE-AA1D-4567-8A85-6F0EDBED4A33} - System32\Tasks\RocketTab => cmd.exe  <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {B0EA1B2E-4BDA-44DF-922A-FFCA87F44237} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {D37B45B0-31EF-4DB8-824B-1F2CDEDE3AF0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {DD0E645A-8D17-47DE-B1E9-E2D038A95A22} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {E894776C-2313-4ED5-A6ED-2BFB63623429} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {EA846741-FE6D-4153-B7F8-336F4161DBCD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {F2156DA7-5885-492C-A95B-35D5D5D94D5B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {FA58D929-2597-452F-9204-B3721D6F6489} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2240978667-2139091308-1655266104-1000Core.job => C:\Users\Family\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2240978667-2139091308-1655266104-1000UA.job => C:\Users\Family\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-10-27 06:25 - 2013-03-14 21:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-04-21 20:50 - 2011-04-21 20:50 - 00073728 _____ () C:\Windows\SysWOW64\afasrv64.exe
2014-09-20 21:18 - 2014-09-20 21:18 - 01423080 _____ () C:\Program Files (x86)\Search Extensions\Client.exe
2011-04-21 20:50 - 2011-04-21 20:50 - 07373824 _____ () C:\Program Files (x86)\CardIcon\iconcs50611310.exe
2011-10-07 02:39 - 2011-10-07 02:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2014-09-07 14:20 - 2014-07-22 13:46 - 03356480 _____ () C:\Users\Family\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-10 23:00 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-06-10 23:00 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-06-10 23:00 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-06-10 23:00 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-06-10 23:00 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-09-18 17:23 - 2014-09-18 17:23 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-04-10 19:38 - 2011-04-10 19:38 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-04-10 19:38 - 2011-04-10 19:38 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: ATA Channel 0
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: ATA Channel 1
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/23/2014 06:44:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x880
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3

Error: (09/22/2014 08:19:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x9cc
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3

Error: (09/22/2014 08:09:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x9d4
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3

Error: (09/22/2014 07:38:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x9c8
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3

Error: (09/21/2014 00:14:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xa0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (09/21/2014 00:06:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x16bc
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (09/21/2014 00:06:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xe8c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (09/21/2014 00:06:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x618
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (09/20/2014 11:46:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x10f0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (09/20/2014 11:46:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x166c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3


System errors:
=============
Error: (09/23/2014 06:46:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069

Error: (09/23/2014 06:46:30 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/23/2014 06:44:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
TfFsMon
TFSysMon

Error: (09/23/2014 06:44:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%1053

Error: (09/23/2014 06:44:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (09/23/2014 06:43:33 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (09/23/2014 06:43:33 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on processor 5 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (09/23/2014 06:43:33 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (09/23/2014 06:43:33 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on processor 3 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (09/23/2014 06:43:33 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on processor 4 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.


Microsoft Office Sessions:
=========================
Error: (01/10/2012 03:31:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 63 seconds with 60 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 23%
Total physical RAM: 12279.18 MB
Available physical RAM: 9336.23 MB
Total Pagefile: 24556.54 MB
Available Pagefile: 21570.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.97 GB) (Free:182.79 GB) NTFS
Drive k: (New Volume) (Fixed) (Total:19.53 GB) (Free:19.41 GB) NTFS
Drive l: (Documents) (Fixed) (Total:292.97 GB) (Free:225.58 GB) NTFS
Drive m: (New Volume) (Fixed) (Total:386.13 GB) (Free:386 GB) NTFS
Drive n: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:820.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: EBE2A502)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: F59AEC42)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=386.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 6AA01702)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Gmer ran this time; here is the ark.txt file:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-23 07:02:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 ST3750528AS rev.CC44 698.64GB
Running: 6vmyedy3.exe; Driver: C:\Users\Family\AppData\Local\Temp\pxdiipod.sys


---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2404:2532]  000007fef7f63e0c
Thread  C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2404:2544]  000007fef7f63e0c
Thread  C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2404:2552]  000007fef68cbc60
Thread  C:\Program Files (x86)\Search Extensions\Client.exe [2564:2692]             000000006ee232fb
Thread  C:\Program Files (x86)\Search Extensions\Client.exe [2564:2860]             000000006cd7784b

---- EOF - GMER 2.1 ----

TDSS-killer also forced a shutdown, but here is the log for it:

07:04:26.0726 0x0f70  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
07:04:38.0570 0x0f70  ============================================================
07:04:38.0570 0x0f70  Current date / time: 2014/09/23 07:04:38.0570
07:04:38.0570 0x0f70  SystemInfo:
07:04:38.0570 0x0f70  
07:04:38.0570 0x0f70  OS Version: 6.1.7601 ServicePack: 1.0
07:04:38.0570 0x0f70  Product type: Workstation
07:04:38.0570 0x0f70  ComputerName: FAMILY-PC
07:04:38.0570 0x0f70  UserName: Family
07:04:38.0570 0x0f70  Windows directory: C:\Windows
07:04:38.0570 0x0f70  System windows directory: C:\Windows
07:04:38.0570 0x0f70  Running under WOW64
07:04:38.0570 0x0f70  Processor architecture: Intel x64
07:04:38.0570 0x0f70  Number of processors: 8
07:04:38.0570 0x0f70  Page size: 0x1000
07:04:38.0570 0x0f70  Boot type: Normal boot
07:04:38.0570 0x0f70  ============================================================
07:04:40.0527 0x0f70  KLMD registered as C:\Windows\system32\drivers\77952284.sys
07:04:40.0808 0x0f70  System UUID: {23D160AB-3C17-6ADB-A581-A3B860711D46}
07:04:41.0235 0x0f70  Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:04:41.0242 0x0f70  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x17A85, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
07:04:41.0246 0x0f70  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB5C00 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:04:41.0258 0x0f70  ============================================================
07:04:41.0258 0x0f70  \Device\Harddisk1\DR1:
07:04:41.0259 0x0f70  MBR partitions:
07:04:41.0259 0x0f70  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2710000
07:04:41.0259 0x0f70  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x2710800, BlocksNum 0x249F0000
07:04:41.0259 0x0f70  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x27100800, BlocksNum 0x30444800
07:04:41.0259 0x0f70  \Device\Harddisk0\DR0:
07:04:41.0259 0x0f70  MBR partitions:
07:04:41.0259 0x0f70  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
07:04:41.0259 0x0f70  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x249F0000
07:04:41.0259 0x0f70  \Device\Harddisk2\DR2:
07:04:41.0259 0x0f70  MBR partitions:
07:04:41.0259 0x0f70  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
07:04:41.0259 0x0f70  ============================================================
07:04:41.0274 0x0f70  C: <-> \Device\Harddisk0\DR0\Partition2
07:04:41.0286 0x0f70  K: <-> \Device\Harddisk1\DR1\Partition1
07:04:41.0295 0x0f70  L: <-> \Device\Harddisk1\DR1\Partition2
07:04:41.0324 0x0f70  M: <-> \Device\Harddisk1\DR1\Partition3
07:04:41.0327 0x0f70  N: <-> \Device\Harddisk2\DR2\Partition1
07:04:41.0327 0x0f70  ============================================================
07:04:41.0327 0x0f70  Initialize success
07:04:41.0327 0x0f70  ============================================================
07:04:52.0261 0x0b3c  ============================================================
07:04:52.0261 0x0b3c  Scan started
07:04:52.0261 0x0b3c  Mode: Manual; 
07:04:52.0261 0x0b3c  ============================================================
07:04:52.0261 0x0b3c  KSN ping started
07:05:06.0138 0x0b3c  KSN ping finished: true
07:05:07.0136 0x0b3c  ================ Scan system memory ========================
07:05:07.0136 0x0b3c  System memory - ok
07:05:07.0136 0x0b3c  ================ Scan services =============================
07:05:07.0261 0x0b3c  [ 970C70F6B2953ED43822D3797855D84C, CB22723678B514277BC6E6DDDD206F3B2377CD889C9D473A47A7056BE597BC6B ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
07:05:07.0261 0x0b3c  !SASCORE - ok
07:05:07.0386 0x0b3c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
07:05:07.0386 0x0b3c  1394ohci - ok
07:05:07.0432 0x0b3c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
07:05:07.0448 0x0b3c  ACPI - ok
07:05:07.0464 0x0b3c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
07:05:07.0464 0x0b3c  AcpiPmi - ok
07:05:07.0557 0x0b3c  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
07:05:14.0952 0x0b3c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
07:05:14.0967 0x0b3c  lltdio - ok
07:05:15.0014 0x0b3c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
07:05:15.0014 0x0b3c  lltdsvc - ok
07:05:15.0030 0x0b3c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
07:05:15.0030 0x0b3c  lmhosts - ok
07:05:15.0108 0x0b3c  [ 367B044CC3A056242D85F4D26975E6C3, EA989217E91377535A8AECF2C0C23F1A183493CAD1EDE9B19541A93FD9AE290A ] LMIGuardianSvc  C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
07:05:15.0108 0x0b3c  LMIGuardianSvc - ok
07:05:15.0123 0x0b3c  [ 342ED5A4B3326014438F36D22D803737, 45488402BD919D84729A19E618B3595D615EB1F73FB9BC77675A21E7DB80AB6C ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
07:05:15.0123 0x0b3c  LMouFilt - ok
07:05:15.0154 0x0b3c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
07:05:15.0154 0x0b3c  LSI_FC - ok
07:05:15.0170 0x0b3c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
07:05:15.0170 0x0b3c  LSI_SAS - ok
07:05:15.0186 0x0b3c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:05:15.0186 0x0b3c  LSI_SAS2 - ok
07:05:15.0186 0x0b3c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:05:15.0186 0x0b3c  LSI_SCSI - ok
07:05:15.0201 0x0b3c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
07:05:15.0201 0x0b3c  luafv - ok
07:05:15.0217 0x0b3c  [ 29C733E1DE824670DC9315CFC9BDBCD3, 8CFC987FEB174D91E415DEC89437D31D7AA5F6B7685641372EF26790E1444610 ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
07:05:15.0217 0x0b3c  LUsbFilt - ok
07:05:15.0326 0x0b3c  [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
07:05:15.0357 0x0b3c  MBAMScheduler - ok
07:05:15.0373 0x0b3c  [ 8A50D5304E6AE48664CF5838EC32F647, C76943FABEE1B5E1B641AA610668CCD4227E2C4B191DD30B79D3AB31A9E8B5BE ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
07:05:15.0373 0x0b3c  MBAMSwissArmy - ok
07:05:15.0404 0x0b3c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
07:05:15.0404 0x0b3c  Mcx2Svc - ok
07:05:15.0420 0x0b3c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
07:05:15.0420 0x0b3c  megasas - ok
07:05:15.0451 0x0b3c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
07:05:15.0451 0x0b3c  MegaSR - ok
07:05:15.0466 0x0b3c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
07:05:15.0466 0x0b3c  MMCSS - ok
07:05:15.0482 0x0b3c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
07:05:15.0482 0x0b3c  Modem - ok
07:05:15.0513 0x0b3c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
07:05:15.0513 0x0b3c  monitor - ok
07:05:15.0513 0x0b3c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
07:05:15.0513 0x0b3c  mouclass - ok
07:05:15.0544 0x0b3c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
07:05:15.0544 0x0b3c  mouhid - ok
07:05:15.0591 0x0b3c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
07:05:15.0591 0x0b3c  mountmgr - ok
07:05:15.0669 0x0b3c  [ FD5E45969B82B83E33CB05B5C9B0E3F2, A6C21F7A0A97683DA50FC102131618CC1BE5CA0C3625D2FDAF5861B9B6523E45 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:05:15.0669 0x0b3c  MozillaMaintenance - ok
07:05:15.0700 0x0b3c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
07:05:15.0700 0x0b3c  mpio - ok
07:05:15.0716 0x0b3c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
07:05:15.0716 0x0b3c  mpsdrv - ok
07:05:15.0778 0x0b3c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
07:05:15.0794 0x0b3c  MpsSvc - ok
07:05:15.0810 0x0b3c  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
07:05:15.0825 0x0b3c  MRxDAV - ok
07:05:15.0856 0x0b3c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
07:05:15.0856 0x0b3c  mrxsmb - ok
07:05:15.0888 0x0b3c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:05:15.0903 0x0b3c  mrxsmb10 - ok
07:05:15.0903 0x0b3c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:05:15.0903 0x0b3c  mrxsmb20 - ok
07:05:15.0934 0x0b3c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
07:05:15.0934 0x0b3c  msahci - ok
07:05:15.0966 0x0b3c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
07:05:15.0966 0x0b3c  msdsm - ok
07:05:15.0981 0x0b3c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
07:05:15.0997 0x0b3c  MSDTC - ok
07:05:16.0012 0x0b3c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
07:05:16.0012 0x0b3c  Msfs - ok
07:05:16.0044 0x0b3c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
07:05:16.0044 0x0b3c  mshidkmdf - ok
07:05:16.0059 0x0b3c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
07:05:16.0059 0x0b3c  msisadrv - ok
07:05:16.0090 0x0b3c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
07:05:16.0090 0x0b3c  MSiSCSI - ok
07:05:16.0090 0x0b3c  msiserver - ok
07:05:16.0122 0x0b3c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
07:05:16.0122 0x0b3c  MSKSSRV - ok
07:05:16.0153 0x0b3c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
07:05:16.0153 0x0b3c  MSPCLOCK - ok
07:05:16.0153 0x0b3c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
07:05:16.0153 0x0b3c  MSPQM - ok
07:05:16.0200 0x0b3c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
07:05:16.0200 0x0b3c  MsRPC - ok
07:05:16.0215 0x0b3c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
07:05:16.0215 0x0b3c  mssmbios - ok
07:05:16.0215 0x0b3c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
07:05:16.0215 0x0b3c  MSTEE - ok
07:05:16.0231 0x0b3c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
07:05:16.0231 0x0b3c  MTConfig - ok
07:05:16.0246 0x0b3c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
07:05:16.0246 0x0b3c  Mup - ok
07:05:16.0293 0x0b3c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
07:05:16.0293 0x0b3c  napagent - ok
07:05:16.0324 0x0b3c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
07:05:16.0340 0x0b3c  NativeWifiP - ok
07:05:16.0402 0x0b3c  [ 1BF9D6476061B31CD7FC2BF848529A56, 95B585543240E823D7850ADEEEA7A4738EF9E18A4B07D921F145F6EF466F0271 ] NAV             C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
07:05:16.0402 0x0b3c  NAV - ok
07:05:16.0512 0x0b3c  [ C180A82874D3CDC390A27F2F1E1AF025, 9F473661524D645D5C1D616BF2BEC2996DFAE9268B7CF280FCCBD19AA072E567 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20140921.020\ENG64.SYS
07:05:16.0512 0x0b3c  NAVENG - ok
07:05:16.0605 0x0b3c  [ E66CA6C321614D7BC0AFC9C8436131B9, BF732419D56E1B8AB3B11B19403087D4EDBF9108F0252ACBB561235040AB4436 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20140921.020\EX64.SYS
07:05:16.0652 0x0b3c  NAVEX15 - ok
07:05:16.0714 0x0b3c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
07:05:16.0730 0x0b3c  NDIS - ok
07:05:16.0761 0x0b3c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
07:05:16.0761 0x0b3c  NdisCap - ok
07:05:16.0777 0x0b3c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
07:05:16.0777 0x0b3c  NdisTapi - ok
07:05:16.0808 0x0b3c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
07:05:16.0808 0x0b3c  Ndisuio - ok
07:05:16.0839 0x0b3c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
07:05:16.0855 0x0b3c  NdisWan - ok
07:05:16.0870 0x0b3c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
07:05:16.0870 0x0b3c  NDProxy - ok
07:05:16.0933 0x0b3c  [ B90E093E7A7250906F1054418B5339C0, F9A0BAC5B4B29F14B5CACA1047F8928A495EFD56E485492BF71C856B296476D6 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
07:05:16.0948 0x0b3c  Nero BackItUp Scheduler 4.0 - ok
07:05:16.0995 0x0b3c  [ 2C723E42FC8D7B0209492828F921FB50, 2ECF9F4D91F317432FB5A6D01D8271BB7E2A5B8A6CA9EF2F2036890D2B072E52 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
07:05:16.0995 0x0b3c  Net Driver HPZ12 - ok
07:05:17.0011 0x0b3c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
07:05:17.0011 0x0b3c  NetBIOS - ok
07:05:17.0058 0x0b3c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
07:05:17.0058 0x0b3c  NetBT - ok
07:05:17.0089 0x0b3c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
07:05:17.0089 0x0b3c  Netlogon - ok
07:05:17.0136 0x0b3c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
07:05:17.0136 0x0b3c  Netman - ok
07:05:17.0182 0x0b3c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:05:17.0182 0x0b3c  NetMsmqActivator - ok
07:05:17.0182 0x0b3c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:05:17.0198 0x0b3c  NetPipeActivator - ok
07:05:17.0214 0x0b3c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
07:05:17.0229 0x0b3c  netprofm - ok
07:05:17.0229 0x0b3c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:05:17.0229 0x0b3c  NetTcpActivator - ok
07:05:17.0245 0x0b3c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:05:17.0245 0x0b3c  NetTcpPortSharing - ok
07:05:17.0260 0x0b3c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
07:05:17.0260 0x0b3c  nfrd960 - ok
07:05:17.0276 0x0b3c  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
07:05:17.0292 0x0b3c  NlaSvc - ok
07:05:17.0292 0x0b3c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
07:05:17.0292 0x0b3c  Npfs - ok
07:05:17.0307 0x0b3c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
07:05:17.0307 0x0b3c  nsi - ok
07:05:17.0323 0x0b3c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
07:05:17.0323 0x0b3c  nsiproxy - ok
07:05:17.0401 0x0b3c  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
07:05:17.0432 0x0b3c  Ntfs - ok
07:05:17.0448 0x0b3c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
07:05:17.0448 0x0b3c  Null - ok
07:05:17.0494 0x0b3c  [ B4F53BCA4C688FF47F04FA90098F896E, 6051CFC0CFE659A2C4CFC1029F19CF1B1B98A1A5E59C2B3A10D7B3407A7FA5C0 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
07:05:17.0494 0x0b3c  NVHDA - ok
07:05:17.0838 0x0b3c  [ 4EE399576F76D38C04745DB739BBC8C7, 7D7FB6013D5D3EE1908F37188AA440EE6EF80A432204EB59AE190ACD14CD1FE0 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:05:18.0025 0x0b3c  nvlddmkm - ok
07:05:18.0072 0x0b3c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
07:05:18.0072 0x0b3c  nvraid - ok
07:05:18.0087 0x0b3c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
07:05:18.0087 0x0b3c  nvstor - ok
07:05:18.0118 0x0b3c  [ 7335C3D78A7746D76D37F6722CC4A466, 18BDD51AB0EB4084E1DA2F27B8D4FCF488ED9161C034BB3CDFF5BE33F84C1D37 ] nvsvc           C:\Windows\system32\nvvsvc.exe
07:05:18.0150 0x0b3c  nvsvc - ok
07:05:18.0228 0x0b3c  [ B7C53DA1C73FF39F4A6248643EFD979A, 528C4984F09F66D4CBA5A9B7C78FBAA04E558309B0D66EB1C29AD2B30D9993F7 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
07:05:18.0259 0x0b3c  nvUpdatusService - ok
07:05:18.0321 0x0b3c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
07:05:18.0321 0x0b3c  nv_agp - ok
07:05:18.0384 0x0b3c  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:05:18.0399 0x0b3c  odserv - ok
07:05:18.0430 0x0b3c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
07:05:18.0430 0x0b3c  ohci1394 - ok
07:05:18.0462 0x0b3c  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:05:18.0462 0x0b3c  ose - ok
07:05:18.0493 0x0b3c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
07:05:18.0493 0x0b3c  p2pimsvc - ok
07:05:18.0524 0x0b3c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
07:05:18.0524 0x0b3c  p2psvc - ok
07:05:18.0540 0x0b3c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
07:05:18.0540 0x0b3c  Parport - ok
07:05:18.0571 0x0b3c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
07:05:18.0571 0x0b3c  partmgr - ok
07:05:18.0586 0x0b3c  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
07:05:18.0602 0x0b3c  PcaSvc - ok
07:05:18.0633 0x0b3c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
07:05:18.0633 0x0b3c  pci - ok
07:05:18.0680 0x0b3c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
07:05:18.0680 0x0b3c  pciide - ok
07:05:18.0696 0x0b3c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
07:05:18.0696 0x0b3c  pcmcia - ok
07:05:18.0711 0x0b3c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
07:05:18.0711 0x0b3c  pcw - ok
07:05:18.0758 0x0b3c  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
07:05:18.0758 0x0b3c  PEAUTH - ok
07:05:18.0820 0x0b3c  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
07:05:18.0852 0x0b3c  PeerDistSvc - ok
07:05:18.0914 0x0b3c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
07:05:18.0914 0x0b3c  PerfHost - ok
07:05:18.0976 0x0b3c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
07:05:19.0008 0x0b3c  pla - ok
07:05:19.0054 0x0b3c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
07:05:19.0070 0x0b3c  PlugPlay - ok
07:05:19.0101 0x0b3c  [ 171E6D91A20AAC8D02172A64E82CE90B, 0D51F00D6C0376CD12893620E0A15E687263048CFE20E953F6BB4B7D6CDC3F50 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
07:05:19.0101 0x0b3c  Pml Driver HPZ12 - ok
07:05:19.0117 0x0b3c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
07:05:19.0117 0x0b3c  PNRPAutoReg - ok
07:05:19.0132 0x0b3c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
07:05:19.0132 0x0b3c  PNRPsvc - ok
07:05:19.0164 0x0b3c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
07:05:19.0164 0x0b3c  PolicyAgent - ok
07:05:19.0195 0x0b3c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
07:05:19.0195 0x0b3c  Power - ok
07:05:19.0242 0x0b3c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
07:05:19.0242 0x0b3c  PptpMiniport - ok
07:05:19.0257 0x0b3c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
07:05:19.0257 0x0b3c  Processor - ok
07:05:19.0288 0x0b3c  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
07:05:19.0288 0x0b3c  ProfSvc - ok
07:05:19.0304 0x0b3c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:05:19.0304 0x0b3c  ProtectedStorage - ok
07:05:19.0351 0x0b3c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
07:05:19.0351 0x0b3c  Psched - ok
07:05:19.0398 0x0b3c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
07:05:19.0429 0x0b3c  ql2300 - ok
07:05:19.0444 0x0b3c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
07:05:19.0444 0x0b3c  ql40xx - ok
07:05:19.0460 0x0b3c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
07:05:19.0476 0x0b3c  QWAVE - ok
07:05:19.0491 0x0b3c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
07:05:19.0491 0x0b3c  QWAVEdrv - ok
07:05:19.0507 0x0b3c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
07:05:19.0507 0x0b3c  RasAcd - ok
07:05:19.0522 0x0b3c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
07:05:19.0522 0x0b3c  RasAgileVpn - ok
07:05:19.0538 0x0b3c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
07:05:19.0538 0x0b3c  RasAuto - ok
07:05:19.0554 0x0b3c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
07:05:19.0554 0x0b3c  Rasl2tp - ok
07:05:19.0585 0x0b3c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
07:05:19.0585 0x0b3c  RasMan - ok
07:05:19.0600 0x0b3c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
07:05:19.0600 0x0b3c  RasPppoe - ok
07:05:19.0616 0x0b3c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
07:05:19.0616 0x0b3c  RasSstp - ok
07:05:19.0663 0x0b3c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
07:05:19.0663 0x0b3c  rdbss - ok
07:05:19.0678 0x0b3c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
07:05:19.0678 0x0b3c  rdpbus - ok
07:05:19.0694 0x0b3c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
07:05:19.0694 0x0b3c  RDPCDD - ok
07:05:19.0725 0x0b3c  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
07:05:19.0725 0x0b3c  RDPDR - ok
07:05:19.0741 0x0b3c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
07:05:19.0756 0x0b3c  RDPENCDD - ok
07:05:19.0756 0x0b3c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
07:05:19.0756 0x0b3c  RDPREFMP - ok
07:05:19.0819 0x0b3c  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
07:05:19.0819 0x0b3c  RdpVideoMiniport - ok
07:05:19.0850 0x0b3c  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
07:05:19.0850 0x0b3c  RDPWD - ok
07:05:19.0897 0x0b3c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
07:05:19.0897 0x0b3c  rdyboost - ok
07:05:27.0619 0x0b3c  QwestTouchPointAgent - ok
07:05:27.0681 0x0b3c  [ 3FBBF6092C4EF5F50302707063E853EF, 70BF8FCDE0A793A66ACB65FA8C2B8C5872C3167DA95D6232A2520628F3768913 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
07:05:27.0681 0x0b3c  AppleSyncNotifier - ok
07:05:27.0712 0x0b3c  [ 2BC2FB9F702B62E2BDA8ACF8870F0822, A6A8371932F7825E904142AC251FA97299A945CDCA2394DA517E2FFDCD2F0146 ] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe
07:05:27.0712 0x0b3c  CarboniteSetupLite - ok
07:05:27.0744 0x0b3c  [ 473E323057CF9893D7E8C1E2D0CCED23, 30181735805B6F61DE0BD004DB53235F560FC21C7BEE7913B6AA56D2AA2ECBB6 ] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
07:05:27.0744 0x0b3c  MaxMenuMgr - ok
07:05:27.0946 0x0b3c  [ 4B0A41F99E324F159117B1EF4FEEFE4C, 143941A4137751C2ADF8F1405F816BE693964F3C52C20AD0AC0198210657BBB5 ] C:\Program Files (x86)\cardicon\iconcs50611310.exe
07:05:28.0071 0x0b3c  USBestCR - ok
07:05:28.0165 0x0b3c  [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
07:05:28.0180 0x0b3c  Adobe ARM - ok
07:05:28.0243 0x0b3c  [ 545676F48851A5C65A38CAE5B5518C95, F7CD893B8198AA22347CB96A61C258217FA0A1B1CC1733784B5FD84A7B208264 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
07:05:28.0243 0x0b3c  APSDaemon - ok
07:05:28.0352 0x0b3c  [ 09E9425AD8C61664A37ED84B8B58BDCF, CCDB11BA663E9751315A9A164225621BFB20170977AFE2B5543BF49D90DDF002 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
07:05:28.0414 0x0b3c  SDTray - ok
07:05:28.0414 0x0b3c  CenturyLinkTouchPointAgent - ok
07:05:28.0492 0x0b3c  [ 08E7173D1B74095335052459200CB1EA, 5B6EB8A65B5F451BF6115EB7CD1355E5870E6D764F22D767D13216BF17C5668F ] C:\Program Files (x86)\QuickTime\QTTask.exe
07:05:28.0508 0x0b3c  QuickTime Task - ok
07:05:28.0570 0x0b3c  [ 308F2EE28005510DE616409148CF077B, A2126CB185B0053086BDD6F0A16A503F6CA629AC677E4B7AE6D43C770061D087 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
07:05:28.0586 0x0b3c  SunJavaUpdateSched - ok
07:05:28.0633 0x0b3c  [ 3B5045DDD039FAB9782851BC486FD92B, 12C59F9E79EB37F26FE0805585EA6B0DAFB41FB8A4FAE972774BC8E3815A1673 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
07:05:28.0633 0x0b3c  iTunesHelper - ok
07:05:28.0773 0x0b3c  [ 8BD1E47690E0A8185F95D564F005C337, F48684B087634E4CB228309706B76CDE41910AAD15E04EC78FE2CD639F2B7F0E ] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
07:05:28.0867 0x0b3c  LogMeIn Hamachi Ui - ok
07:05:28.0945 0x0b3c  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
07:05:28.0976 0x0b3c  Sidebar - ok
07:05:29.0054 0x0b3c  [ E02E715FA2BC8D88FF9362374E309D76, A10E4D4B02F147A38364A2DEBF9691771BD381B8FC1E672EF96C0509DD919EDE ] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
07:05:29.0116 0x0b3c  LightScribe Control Panel - ok
07:05:29.0226 0x0b3c  [ 4BDCB1E05064D3997B4E9DF734FC7A61, 2E90B15A28BF4AD471618987984B1A27F1BEBAD16EDF428B9715CF626F527420 ] C:\Program Files (x86)\Steam\Steam.exe
07:05:29.0257 0x0b3c  Steam - ok
07:05:29.0475 0x0b3c  [ D8C1FBB3D14C3B33A3E374366CAC7F76, 035909B8AD34EE3169F18973F13F22ECCB452FDA029AF55962012C112E34C6AC ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
07:05:29.0678 0x0b3c  SUPERAntiSpyware - ok
07:05:29.0850 0x0b3c  [ BAB442AE1AEF7D7CFAB62344FCCCFEA7, 8B757713D0B298B1762A617D29B688E11D82EAD9DF1605A6FCFA93BBC52646B9 ] C:\Users\Family\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
07:05:29.0959 0x0b3c  Google+ Auto Backup - ok
07:05:30.0084 0x0b3c  [ AC08A03D7E579E2903925736E7AB48F2, B4350DFB5BF153D60C38835FD0D4A13A993B5FCEDE04F98750396EDF0070B3FE ] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
07:05:30.0099 0x0b3c  AC96096499AAD424A6FF707AC333F10C57B3F0E7._service_run - ok
07:05:30.0255 0x0b3c  [ 05666E370F36C1F4DCFB9AD7464FFFE6, 5D52F827AC56B859DF4A4AC4692FAB2183D99549926AE5F659341F2E55546691 ] C:\Users\Family\AppData\Local\Amazon Music\Amazon Music Helper.exe
07:05:30.0349 0x0b3c  Amazon Music - ok
07:05:30.0427 0x0b3c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] C:\Users\Family\AppData\Local\Google\Update\GoogleUpdate.exe
07:05:30.0427 0x0b3c  Google Update - ok
07:05:30.0489 0x0b3c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
07:05:30.0552 0x0b3c  Sidebar - ok
07:05:30.0614 0x0b3c  [ E02E715FA2BC8D88FF9362374E309D76, A10E4D4B02F147A38364A2DEBF9691771BD381B8FC1E672EF96C0509DD919EDE ] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
07:05:30.0661 0x0b3c  LightScribe Control Panel - ok
07:05:30.0676 0x0b3c  MobileDocuments - ok
07:05:30.0692 0x0b3c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
07:05:30.0692 0x0b3c  mctadmin - ok
07:05:30.0739 0x0b3c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
07:05:30.0754 0x0b3c  Sidebar - ok
07:05:30.0817 0x0b3c  [ E02E715FA2BC8D88FF9362374E309D76, A10E4D4B02F147A38364A2DEBF9691771BD381B8FC1E672EF96C0509DD919EDE ] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
07:05:30.0864 0x0b3c  LightScribe Control Panel - ok
07:05:30.0864 0x0b3c  MobileDocuments - ok
07:05:30.0864 0x0b3c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
07:05:30.0879 0x0b3c  mctadmin - ok
07:05:30.0879 0x0b3c  Waiting for KSN requests completion. In queue: 136
07:05:31.0893 0x0b3c  AV detected via SS2: Norton AntiVirus Online, C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\WSCStub.exe ( 20.4.0.0 ), 0x51000 ( enabled : updated )
07:05:31.0893 0x0b3c  Win FW state via NFP2: enabled
07:05:34.0514 0x0b3c  ============================================================
07:05:34.0514 0x0b3c  Scan finished
07:05:34.0514 0x0b3c  ============================================================
07:05:34.0514 0x0a8c  Detected object count: 0
07:05:34.0514 0x0a8c  Actual detected object count: 0

Regards,

 

Ron Nelson



#6 TB-Psychotic

Posted 23 September 2014 - 10:01 AM

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    WSE Rocket
    RocketTab
    File Extractor
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.


If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 


Edited by TB-Psychotic, 23 September 2014 - 10:02 AM.


#7 RDN1

Posted 23 September 2014 - 11:59 PM

Marius:

 

Okay, but to start, using Firefox, whenever I load this page, I get the following error:

A script on this page may be busy, or it may have stopped responding. You can stop the script now, open the script in the debugger, or let the script continue.

Script: resource://gre/modules/addons/XPIProvider.jsm -> jar:file:///C:/Program%20Files%20(x86)/Mozilla%20Firefox/browser/extensions/%7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D.xpi!/bootstrap.js -> resource://gre/modules/commonjs/toolkit/loader.js -> resource://gre/modules/commonjs/sdk/loader/sandbox.js -> resource://skype_ff_extension-at-jetpack/skype_ff_extension/data/mutation-summary.js:263

The FRST Fixlog.txt file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2014
Ran by Family at 2014-09-23 21:16:09 Run:1
Running from C:\Users\Family\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_md_14_30_ff&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0D0D0EyByCtC0F0EtBtBtN0D0Tzu0SzytAyCtN1L2XzutAtFtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzzyCtCtAtAtB0AtG0DtAtA0FtGzztB0E0FtGtA0BtD0FtGtAtC0F0AtDzzyEzz0EtD0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtAtAtD0B0E0DyBtG0D0B0C0BtGyE0AzztBtG0ByB0CyCtGyByEtByC0CtDyEyBtByCtA0E2Q&cr=466389620&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_md_14_30_ff&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0D0D0EyByCtC0F0EtBtBtN0D0Tzu0SzytAyCtN1L2XzutAtFtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzzyCtCtAtAtB0AtG0DtAtA0FtGzztB0E0FtGtA0BtD0FtGtAtC0F0AtDzzyEzz0EtD0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtAtAtD0B0E0DyBtG0D0B0C0BtGyE0AzztBtG0ByB0CyCtGyByEtByC0CtDyEyBtByCtA0E2Q&cr=466389620&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_md_14_30_ff&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0D0D0EyByCtC0F0EtBtBtN0D0Tzu0SzytAyCtN1L2XzutAtFtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBzzyCtCtAtAtB0AtG0DtAtA0FtGzztB0E0FtGtA0BtD0FtGtAtC0F0AtDzzyEzz0EtD0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtAtAtD0B0E0DyBtG0D0B0C0BtGyE0AzztBtG0ByB0CyCtGyByEtByC0CtDyEyBtByCtA0E2Q&cr=466389620&ir=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
Task: {A1DBC3EE-AA1D-4567-8A85-6F0EDBED4A33} - System32\Tasks\RocketTab => cmd.exe  <==== ATTENTION
Task: {5F94E677-AE57-4C17-AA63-A2BD14313AED} - \RegClean Pro No Task File <==== ATTENTION
Task: {05BAD1B6-56E1-4C84-9188-0B81324BB101} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-09-20] () <==== ATTENTION
ProxyServer: http=127.0.0.1:49170;https=127.0.0.1:49170
C:\Program Files (x86)\Search Extensions
2014-09-20 21:18 - 2014-09-20 21:18 - 01224123 _____ () C:\Users\Family\AppData\Local\Malware360Installer.exe
2014-09-20 21:18 - 2014-09-20 21:18 - 00004160 _____ () C:\Windows\System32\Tasks\RocketTab Update Task
2014-09-20 21:18 - 2014-09-20 21:18 - 00003374 _____ () C:\Windows\System32\Tasks\RocketTab
2014-09-20 21:18 - 2014-09-20 21:18 - 00003280 _____ () C:\Windows\System32\Tasks\Malware Protection 360
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Users\Family\AppData\Roaming\Linkey
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files\ShopperPro
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files\Settings Manager
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files\SearchProtect
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files\Linkey
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files\Common Files\Goobzo
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files (x86)\ShopperPro
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files (x86)\Settings Manager
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files (x86)\SearchProtect
2014-09-20 21:18 - 2014-09-20 21:18 - 00000000 ___HD () C:\Program Files (x86)\Linkey

EmptyTemp:
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
C:\ProgramData\TEMP => ":430C6D84" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1DBC3EE-AA1D-4567-8A85-6F0EDBED4A33}" => Key not found.
C:\Windows\System32\Tasks\RocketTab not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F94E677-AE57-4C17-AA63-A2BD14313AED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F94E677-AE57-4C17-AA63-A2BD14313AED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05BAD1B6-56E1-4C84-9188-0B81324BB101}" => Key not found.
C:\Windows\System32\Tasks\RocketTab Update Task not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => Key not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
C:\Program Files (x86)\Search Extensions => Moved successfully.
C:\Users\Family\AppData\Local\Malware360Installer.exe => Moved successfully.
"C:\Windows\System32\Tasks\RocketTab Update Task" => File/Directory not found.
"C:\Windows\System32\Tasks\RocketTab" => File/Directory not found.
C:\Windows\System32\Tasks\Malware Protection 360 => Moved successfully.
C:\Users\Family\AppData\Roaming\Linkey => Moved successfully.
"C:\Program Files\ShopperPro" => File/Directory not found.
C:\Program Files\Settings Manager => Moved successfully.
C:\Program Files\SearchProtect => Moved successfully.
C:\Program Files\Linkey => Moved successfully.
C:\Program Files\Common Files\Goobzo => Moved successfully.
"C:\Program Files (x86)\ShopperPro" => File/Directory not found.
C:\Program Files (x86)\Settings Manager => Moved successfully.
C:\Program Files (x86)\SearchProtect => Moved successfully.
C:\Program Files (x86)\Linkey => Moved successfully.
EmptyTemp: => Removed 2.6 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

On MBAM, I had it installed already, but it would not run. I had to uninstall it and reinstall it to get it to run. Here is the log for MBAM: MBAM did not ask for a restart.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/23/2014
Scan Time: 9:37:04 PM
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.24.04
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Family

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393402
Time Elapsed: 9 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.Goobzo, C:\Program Files (x86)\Common Files\Goobzo, Quarantined, [77fd34bd04773afc0c9b01fd35cdd42c], 

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Thanks again,

 

Ron Nelson

 

Also, after running REVO Uninstaller, it appears my Firefox had some changes - specifically I had saved this page link in my toolbar, and the link was gone!

 

Is it possible my hard drive is going bad? Or does this look like malware?
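Added example, not part of either poster's message and not FRST's own code: a small Python triage of a pasted Fixlog that separates entries that changed something from entries where nothing was found at fix time. The line shapes it recognises (`target => result.`, `path not found.`, and the fixlist echo between rows of asterisks) are assumed from the log posted above, not from a documented FRST format; the function names are hypothetical.

```python
"""Triage a pasted FRST Fixlog: what was changed vs. what was already absent."""

# Sample lines taken from the Fixlog posted above, cut down to a few entries.
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
Task: {A1DBC3EE-AA1D-4567-8A85-6F0EDBED4A33} - System32\Tasks\RocketTab => cmd.exe  <==== ATTENTION
C:\Program Files (x86)\Search Extensions
EmptyTemp:
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
C:\ProgramData\TEMP => ":430C6D84" ADS removed successfully.
C:\Windows\System32\Tasks\RocketTab not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
C:\Program Files (x86)\Search Extensions => Moved successfully.
"C:\Program Files (x86)\ShopperPro" => File/Directory not found.
EmptyTemp: => Removed 2.6 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====
'''


def classify(result):
    """Map a result phrase to 'changed', 'absent' or 'review'."""
    text = result.lower()
    if "not found" in text:
        return "absent"      # nothing was there to change when the fix ran
    if "successfully" in text or text.startswith("removed"):
        return "changed"     # the fix modified, moved or deleted something
    return "review"          # unrecognised wording: read it by hand


def parse_fixlog(text):
    """Return (target, result, status) tuples for each result line.

    The fixlist echoed between the two rows of asterisks is skipped, because
    its entries also contain ' => ' but describe the request, not the outcome.
    """
    entries = []
    in_fixlist_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            in_fixlist_echo = not in_fixlist_echo
            continue
        if in_fixlist_echo:
            continue
        if " => " in line:
            target, result = line.split(" => ", 1)
        elif line.endswith(" not found."):
            target, result = line[: -len(" not found.")], "not found."
        else:
            continue  # header, footer or free text
        entries.append((target.strip('"'), result, classify(result)))
    return entries


def summarize(entries):
    """Group targets by status, keeping log order."""
    groups = {"changed": [], "absent": [], "review": []}
    for target, _result, status in entries:
        groups[status].append(target)
    return groups


if __name__ == "__main__":
    for status, targets in summarize(parse_fixlog(SAMPLE_FIXLOG)).items():
        print(f"{status}: {len(targets)}")
        for target in targets:
            print(f"  {target}")
```

Entries in the "absent" group were on the fixlist but were not present when the fix ran, so a fresh scan is the place to confirm they are really gone.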



#8 TB-Psychotic

Posted 24 September 2014 - 07:45 AM

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also



#9 RDN1

Posted 24 September 2014 - 10:23 PM

Marius:

 

The results from AdwCleaner:

# AdwCleaner v3.310 - Report created 24/09/2014 at 20:17:21
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Family - FAMILY-PC
# Running from : C:\Users\Family\Desktop\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\efzvvg6q.Mark's Awesome Profile\user.js
File Deleted : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\klypnjdj.Jenna\user.js
File Deleted : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\lqntaf26.Darlene\user.js
File Deleted : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\tvn6xr5d.Mark\user.js
File Deleted : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\user.js
File Deleted : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\v1186k9v.Mark\user.js
File Deleted : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\xc6e2v23.Mark\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\InstallCore

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.2 (x86 en-US)

[ File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\efzvvg6q.Mark's Awesome Profile\prefs.js ]


[ File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\klypnjdj.Jenna\prefs.js ]


[ File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\lqntaf26.Darlene\prefs.js ]


[ File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\tvn6xr5d.Mark\prefs.js ]


[ File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\prefs.js ]


[ File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\v1186k9v.Mark\prefs.js ]


[ File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\xc6e2v23.Mark\prefs.js ]


-\\ Google Chrome v37.0.2062.120

*************************

AdwCleaner[R0].txt - [2765 octets] - [29/11/2013 23:17:11]
AdwCleaner[R1].txt - [2239 octets] - [30/03/2014 22:18:39]
AdwCleaner[R2].txt - [2415 octets] - [24/09/2014 20:14:16]
AdwCleaner[S0].txt - [2712 octets] - [29/11/2013 23:20:00]
AdwCleaner[S1].txt - [2222 octets] - [30/03/2014 22:20:56]
AdwCleaner[S2].txt - [2352 octets] - [24/09/2014 20:17:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2412 octets] ##########

Also, I still have to stop the script on this page. It freezes my browser.

 

Regards,

 

Ron Nelson



#10 TB-Psychotic

Posted 25 September 2014 - 08:18 AM

Please remove your Firefox-Extension for Skype - it produces the error.

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.



#11 RDN1

Posted 27 September 2014 - 01:06 PM

Thanks, disabling the Skype extension fixed the page load problem.

 

The MBAM log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/27/2014
Scan Time: 12:08:24 AM
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.27.02
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Family

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393889
Time Elapsed: 10 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

The ESET Found Threats:

C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir	a variant of Win64/Systweak.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Search Extensions\uninstall.exe	a variant of MSIL/Adware.iBryte.G application
C:\Users\Family\Downloads\ccsetup408.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Family\Downloads\FileExtractorSetup(1).exe	a variant of Win32/InstallCore.PK potentially unwanted application
C:\Users\Family\Downloads\PFPortChecker.exe	Win32/InstallMonetizer.AN potentially unwanted application
C:\Users\Family\Downloads\UTPlayer_Setup(1).exe	Win32/InstallMonetizer.AN potentially unwanted application
C:\Users\Family\Downloads\UTPlayer_Setup.exe	Win32/InstallMonetizer.AN potentially unwanted application

The computer does seem to work better. I have not tried all the profiles for errors though.

 

Regards,

 

Ron Nelson



#12 TB-Psychotic

Posted 29 September 2014 - 04:41 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, the file (checkup.txt) will open. Copy its content to your thread. (Note: Do NOT post this one into a code box!)



#13 RDN1

  • Topic Starter

  • Members

Posted 29 September 2014 - 08:50 PM

I ran AdwCleaner, here is the log:

# AdwCleaner v3.310 - Report created 29/09/2014 at 18:17:00
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Family - FAMILY-PC
# Running from : C:\Users\Family\Desktop\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\efzvvg6q.Mark's Awesome Profile\prefs.js ]


[ File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\klypnjdj.Jenna\prefs.js ]


[ File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\lqntaf26.Darlene\prefs.js ]


[ File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\tvn6xr5d.Mark\prefs.js ]

Line Deleted : user_pref("storage.arcadeyum.script", "//srdrvp.com/cmn2?p=YTQxMTMyNTEzNzYyZR2xr7kLog7iswVuP8yEcHae6bMyPh%2FQipfjqVJdzeEturGBq0BBEJoF%2B1cEYUEgo8bAhsjbguQGOoy1apVxWyE2Moc2RCZ6GjAbe8dEN3fKEx7MXAHpWSzwE[...]

[ File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\ufwer1tt.default\prefs.js ]


[ File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\v1186k9v.Mark\prefs.js ]


[ File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\xc6e2v23.Mark\prefs.js ]


-\\ Google Chrome v37.0.2062.124

*************************

AdwCleaner[R0].txt - [2765 octets] - [29/11/2013 23:17:11]
AdwCleaner[R1].txt - [2239 octets] - [30/03/2014 22:18:39]
AdwCleaner[R2].txt - [2415 octets] - [24/09/2014 20:14:16]
AdwCleaner[R3].txt - [2040 octets] - [29/09/2014 17:52:36]
AdwCleaner[S0].txt - [2712 octets] - [29/11/2013 23:20:00]
AdwCleaner[S1].txt - [2222 octets] - [30/03/2014 22:20:56]
AdwCleaner[S2].txt - [2492 octets] - [24/09/2014 20:17:21]
AdwCleaner[S3].txt - [1963 octets] - [29/09/2014 18:17:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2023 octets] ##########

When I run JRT, it quickly fills a couple of bars with information that it is backing up and saving some data, but no JRT log is saved or created.

 

When I run SecurityCheck, it hangs at the stage that says, **Preparing** and doesn't do anything more.

Regards

Ron Nelson



#14 TB-Psychotic


  • Malware Response Team

Posted 30 September 2014 - 09:08 AM

Please reboot and try again.



#15 RDN1

  • Topic Starter

  • Members

Posted 30 September 2014 - 10:08 PM

Marius:

 

The same results as before: When I run JRT, it saves some files to C:\Windows\ERUNT\JRT

None of these files is a .txt file

They are:

  • Users (contains a couple of .dat files)
  • BCD
  • DEFAULT
  • ERDNT.CON
  • ERDNT.EXE
  • ERDNT.INF
  • ERDNTDOS.LOC
  • ERDNTWIN.LOC
  • SAM
  • SECURITY
  • SOFTWARE
  • SYSTEM

 

And, when I run Security Check, it scrolls through a bunch of lines faster than I can read them, erases those lines, and hangs at the line that simply reads "Preparing"

 

So neither of those programs will run as advertised on my computer.

There are some old JRT files from the past in C:\JRT. I tried deleting them in case that was the problem, and then restored them since it didn't make any difference.

 

Do I need to run something stronger like Combofix?

 

EDIT: if I let Security Check run long enough, I get an error (3) times, in separate boxes, that reads:

 

Line-1:

Error Recursion level has been exceeded - AutoIt will quit to prevent stack overflow.

 

EDIT2: Sitting here, the hard drive started spooling up, and the CPU usage shot way up.

 

So I opened up task manager to see what was going on - it appears I have (3) instances of Objlist.exe *32 running at once.

 

Regards,

Ron


Edited by RDN1, 30 September 2014 - 10:25 PM.




