# BSOD!!!!



## bdarger (May 6, 2013)

I have gotten the BSOD when I start my computer. I can run it in safe mode but the BSOD pops up every time I try to run it normally. The info from the BSOD is below...

PAGE_FAULT_IN_NONPAGED_AREA

STOP: 0x00000050 (0xFFFFF88015D17770, 0x0000000000000001, 0xFFFFFA8008D1C2E6, 0x0000000000000002)

Dump file is located here
https://skydrive.live.com/embed?cid...=B2D672F12E03C08A!128&authkey=AADQo9TdS35EngI

It is an HP dv6-6033cl Intel I5 running Windows 7. I have no idea what is going on but any info to help fix the problem is appreciated!

Thanks


----------



## dai (Mar 7, 2003)

http://msdn.microsoft.com/en-us/library/windows/hardware/ff559023(v=vs.85).aspx

Start with running memtest on the RAM, 1 stick at a time.


----------



## Mark1956 (May 7, 2011)

The BSOD appears to have been caused by the driver hpdskflt.sys from HP. Although it could be a memory fault I would first try a reinstall of the software that contains the driver.

All your HP drivers are available from this page: http://h10025.www1.hp.com/ewfrf/wc/...en&cc=us&dlc=en&sw_lang=&product=5078423#N224

The driver hpdskflt.sys is from this software: 'HP ProtectSmart Hard Drive Protection software' so I would suggest you uninstall it and then download and install a fresh copy from here:

http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?cc=uk&lc=en&dlc=en&softwareitem=ob-76187-1

You should be able to complete all of this running the system in Safe Mode with Networking.

Let us know if that stops the BSODs.


----------



## bdarger (May 6, 2013)

I removed what I could and ran chkdsk but I still have the BSOD. When I try to uninstall anything I get a pop-up saying "The Windows Installer Service could not be accessed. This can occur if the windows installer is not correctly installed. Contact your support personnel for assistance."

The codes in the Technical Information section of the BSOD have changed slightly though. They are now as shown below

STOP: 0x00000050 (0xFFFFF8801F400000, 0x0000000000000001, 0xFFFFFA8008D462E6, 0x0000000000000002)

Newest dump file can be found here

https://skydrive.live.com/embed?cid...=B2D672F12E03C08A!129&authkey=AJ6NNs0fLHQGX7c

Thanks


----------



## Mark1956 (May 7, 2011)

That crash dump points to the same driver.

Please follow this guide and run the automatic Fix-it tool.


----------



## bdarger (May 6, 2013)

What guide?? Did you mean to post a link??


----------



## Mark1956 (May 7, 2011)

Sorry about that, here it is:
http://support.microsoft.com/mats/Program_Install_and_Uninstall


----------



## bdarger (May 6, 2013)

I removed a bunch of HP things but the 'HP Protect Smart' was not listed as one. I have no idea what else to do. The problem still remains!


----------



## Mark1956 (May 7, 2011)

OK, let's do a search for the file and the program.

Please download *SystemLook* from the link below and save it to your Desktop.


*SystemLook (64-bit)*


Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:


```
:filefind
hpdskflt.sys
:folderfind
ProtectSmart
:regfind
ProtectSmart
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------



## bdarger (May 6, 2013)

Results below...

SystemLook 30.07.11 by jpshortstuff
Log created at 18:59 on 07/05/2013 by brandon
Administrator - Elevation successful

========== filefind ==========

Searching for "hpdskflt.sys"
C:\Program Files\Hewlett-Packard\Drivers\Global\HPMDP\amd64\hpdskflt.sys --a---- 30008 bytes [00:24 13/08/2010] [00:24 13/08/2010] CCBE758967CC0F53F5BA3B271653C4E6
C:\Program Files\Hewlett-Packard\Drivers\Global\HPMDP\x86\hpdskflt.sys --a---- 25656 bytes [00:24 13/08/2010] [00:24 13/08/2010] D5C35E6416A379C445CDA826B9FE452F
C:\SwSetup\Drivers\HPProtSHD\amd64\hpdskflt.sys --a---- 30008 bytes [13:24 13/08/2010] [13:24 13/08/2010] CCBE758967CC0F53F5BA3B271653C4E6
C:\SwSetup\Drivers\HPProtSHD\x86\hpdskflt.sys --a---- 25656 bytes [13:24 13/08/2010] [13:24 13/08/2010] D5C35E6416A379C445CDA826B9FE452F
C:\SwSetup\sp45501\amd64\hpdskflt.sys --a---- 30008 bytes [18:49 08/07/2009] [18:49 08/07/2009] 05712FDDBD45A5864EB326FAABC6A4E3
C:\SwSetup\sp45501\x86\hpdskflt.sys --a---- 25656 bytes [18:48 08/07/2009] [18:48 08/07/2009] E1D82F0C8456ABB03B7DF5D623CA47D1
C:\Windows\System32\drivers\hpdskflt.sys --a---- 30008 bytes [00:24 13/08/2010] [00:24 13/08/2010] CCBE758967CC0F53F5BA3B271653C4E6
C:\Windows\System32\DriverStore\FileRepository\accelerometer.inf_amd64_neutral_8a2001ab8aedb1b6\amd64\hpdskflt.sys --a---- 30008 bytes [00:24 13/08/2010] [00:24 13/08/2010] CCBE758967CC0F53F5BA3B271653C4E6

========== folderfind ==========

Searching for "ProtectSmart"
No folders found.

========== regfind ==========

Searching for "ProtectSmart"
No data found.

-= EOF =-


----------
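Added example (not part of the original thread, and not SystemLook's own code): a small Python parser for a `:filefind` section laid out like the log above, which groups the copies of a driver by MD5 and reports which ones match the copy in `System32\drivers`. The sample log, its file name, paths and hashes are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of a SystemLook ":filefind" section.
# File name, paths, sizes, dates and hashes are made up for illustration.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "example.sys"
C:\Program Files\Vendor\Drivers\amd64\example.sys --a---- 30008 bytes [00:24 13/08/2010] [00:24 13/08/2010] FEDCBA9876543210FEDCBA9876543210
C:\SwSetup\pkg1\amd64\example.sys --a---- 30008 bytes [18:49 08/07/2009] [18:49 08/07/2009] 0123456789ABCDEF0123456789ABCDEF
C:\SwSetup\pkg2\amd64\example.sys --a---- 30008 bytes [13:24 13/08/2010] [13:24 13/08/2010] FEDCBA9876543210FEDCBA9876543210
C:\Windows\System32\drivers\example.sys --a---- 30008 bytes [00:24 13/08/2010] [00:24 13/08/2010] FEDCBA9876543210FEDCBA9876543210

========== folderfind ==========

Searching for "Example"
No folders found.

-= EOF =-
"""

SECTION = re.compile(r"^=+\s*(\w+)\s*=+$")
# <path> <7 attribute flags> <size> bytes [created] [modified] <MD5>
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(log_text):
    """Return one dict per file entry found inside the 'filefind' section."""
    entries, section = [], None
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section != "filefind":
            continue
        match = ENTRY.match(line)
        if match:  # skips "Searching for ..." and blank lines
            entry = match.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def group_by_hash(entries):
    """Map each MD5 to the list of paths that carry it."""
    groups = defaultdict(list)
    for entry in entries:
        groups[entry["md5"]].append(entry["path"])
    return dict(groups)


def compare_to_loaded(entries, drivers_dir=r"C:\Windows\System32\drivers"):
    """Split copies into those identical to the System32\\drivers copy and the rest.

    Returns None when no copy sits directly in drivers_dir.
    """
    prefix = drivers_dir.lower().rstrip("\\") + "\\"
    loaded = None
    for entry in entries:
        path = entry["path"].lower()
        # Directly inside drivers_dir, not in a subfolder of it.
        if path.startswith(prefix) and "\\" not in path[len(prefix):]:
            loaded = entry
            break
    if loaded is None:
        return None
    same = [e["path"] for e in entries
            if e["md5"] == loaded["md5"] and e is not loaded]
    different = [e["path"] for e in entries if e["md5"] != loaded["md5"]]
    return {"loaded": loaded["path"], "md5": loaded["md5"],
            "same": same, "different": different}


if __name__ == "__main__":
    found = parse_filefind(SAMPLE_LOG)
    report = compare_to_loaded(found)
    print("Copy in drivers folder:", report["loaded"], report["md5"])
    print("Identical copies:")
    for path in report["same"]:
        print("  ", path)
    print("Copies with a different hash (other builds of the file):")
    for path in report["different"]:
        print("  ", path)
```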



## Mark1956 (May 7, 2011)

We can see there are several instances of that driver. I would not advise you to go deleting any more HP related software as it may cause further issues.

Run SystemLook again, use the script below, and post the results.


```
:service
HPMDP
HPProtSHD
```


----------



## bdarger (May 6, 2013)

Results are below

SystemLook 30.07.11 by jpshortstuff
Log created at 14:17 on 08/05/2013 by brandon
Administrator - Elevation successful

========== service ==========

HPMDP - Unable to open Service Handle.

HPProtSHD - Unable to open Service Handle.

-= EOF =-


----------



## Mark1956 (May 7, 2011)

I think this would be a good time to have a look at what is on your system.

Please go Here and follow the instructions to run DDS, then *Copy and Paste* both the logs into your next reply. You need not run HJT or GMER.


----------



## bdarger (May 6, 2013)

Logs below... DDS first, attach second

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by brandon at 23:34:43 on 2013-05-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4190 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\syswow64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [WF-7520 Series(Network)] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIHDA.EXE /FU "C:\Users\brandon\AppData\Local\Temp\E_S860E.tmp" /EF "HKCU"
uRun: [Artisan 830(Network)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGXA.EXE /FU "C:\Users\brandon\AppData\Local\Temp\E_S86C9.tmp" /EF "HKCU"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CITRIX~1.LNK - C:\Program Files\Citrix\Secure Access Client\nsload.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{EF12FD3E-5056-497E-9645-2BB24E1C0F1B} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{EF12FD3E-5056-497E-9645-2BB24E1C0F1B}\1534027456F602F46666963656 : DHCPNameServer = 192.168.2.1 97.64.183.164 97.64.209.37
TCP: Interfaces\{EF12FD3E-5056-497E-9645-2BB24E1C0F1B}\27F6D656F6 : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{EF12FD3E-5056-497E-9645-2BB24E1C0F1B}\A424 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [dshic] "C:\Windows\System32\rundll32.exe" "C:\Users\brandon\AppData\Roaming\dshic.dll",Method_Type
x64-Run: [scogf] "C:\Windows\System32\rundll32.exe" "C:\Users\brandon\AppData\Roaming\scogf.dll",destroy_info_struct
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\4ifshhpy.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files\Citrix\Secure Access Client\npagee.dll
FF - plugin: C:\Program Files\Citrix\Secure Access Client\npagee64.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\4ifshhpy.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-04-27 09:26; {bac3eb53-a317-11e2-8274-b8ac6f996f26}; C:\Users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\4ifshhpy.default\extensions\{bac3eb53-a317-11e2-8274-b8ac6f996f26}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - 
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys [2012-6-11 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2012-6-11 912504]
R3 ctxva51;Citrix Virtual Adapter;C:\Windows\System32\drivers\ctxva51.sys [2010-1-19 45720]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-2-7 1041760]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-19 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-7 406632]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-20 1157240]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120406.002\IDSviA64.sys [2012-4-6 488568]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2012-6-11 171128]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys [2012-6-11 386168]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-2-7 89600]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2012-2-7 679176]
S2 cag;Citrix cag plugin for Access Gateway;C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [2009-10-22 93720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
S2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-7 249672]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-3 92216]
S2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-7 13336]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
S2 nsverctl;Citrix Secure Access Client Service;C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [2010-1-19 154264]
S2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-2-23 1871032]
S2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-7 2656280]
S3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2012-2-7 4150864]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2012-2-7 1188616]
S3 BTMCOM;Bluetooth Serial Port;C:\Windows\System32\drivers\btmcom.sys [2012-2-7 52736]
S3 BTMNET;Motorola Bluetooth Network Adapter Service;C:\Windows\System32\drivers\btmnet.sys [2012-2-7 30208]
S3 BTMUSB;Motorola Bluetooth Radio Service;C:\Windows\System32\drivers\btmusb.sys [2012-2-7 484224]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-12-11 31088]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-2-7 1028096]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-2-7 317440]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-1-12 333928]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-2-8 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-7 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-05-07 19:58:05 -------- d-----w- C:\MATS
2013-05-05 19:13:48 -------- d-----w- C:\Users\brandon\AppData\Roaming\Roxio Log Files
2013-05-02 03:06:58 -------- d-----w- C:\Users\brandon\AppData\Local\Symantec
2013-05-02 01:49:16 190999 ----a-w- C:\6187721.exe
2013-04-22 02:20:52 -------- d-----r- C:\Program Files (x86)\Skype
2013-04-12 02:22:00 507904 ----a-w- C:\Users\brandon\AppData\Roaming\scogf.dll
2013-04-12 02:21:55 786432 ----a-w- C:\Users\brandon\AppData\Roaming\dshic.dll
.
==================== Find3M ====================
.
2013-04-04 19:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-17 13:53:18 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-17 13:53:18 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-08 12:03:50 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2013-02-08 12:03:50 608080 ----a-w- C:\Windows\System32\msvcp100.dll
.
============= FINISH: 23:36:04.99 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 2/7/2012 5:53:35 PM
System Uptime: 5/8/2013 11:30:08 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 1658
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU1 | 2294/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 579 GiB total, 511.192 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.073 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer: 
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP115: 3/2/2013 10:13:28 PM - Configured Microsoft Office Home and Student 2010
RP116: 3/24/2013 4:03:00 PM - Removed Skype 6.3
RP117: 3/24/2013 4:03:55 PM - Removed Skype Click to Call
RP118: 4/5/2013 10:14:56 PM - Scheduled Checkpoint
RP119: 4/21/2013 9:50:51 PM - Removed Skype 6.3
RP120: 4/22/2013 8:29:11 PM - Restore Operation
RP121: 4/28/2013 8:08:10 PM - Removed Skype 6.3
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
Amazon MP3 Downloader 1.0.15
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVS Update Manager 1.0
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Bonjour
Bounce Symphony
Build-a-lot 2
Cake Mania
CCleaner
Chuzzle Deluxe
Citrix Access Gateway Plug-in
Citrix XenApp Web Plugin
CyberLink DVD Suite
CyberLink YouCam
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Energy Star Digital Logo
EPSON Artisan 830 Series Printer Uninstall
Epson Connect
Epson Customer Participation
Epson Download Navigator
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WF-7520 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup 3.3
Escape Rosecliff Island
ESU for Microsoft Windows 7
Farm Frenzy
FATE
ffdshow v1.2.4486 [2012-08-25]
Final Drive Nitro
Heroes of Hellas 2 - Olympia
HP 3D DriveGuard
HP Auto
HP Client Services
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Software Framework
HP Support Assistant
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
iTunes
Java 7 Update 10
Java Auto Updater
Java(TM) 6 Update 22 (64-bit)
Java(TM) 6 Update 31
Jewel Quest Solitaire 2
LabelPrint
LightScribe System Software
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 365 Home Premium - en-us
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Norton Internet Security
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
ooVoo
Penguins!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
Ralink Motorola BC8 Bluetooth 3.0+HS Adapter
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
Remote Control USB Driver
Renesas Electronics USB 3.0 Host Controller Driver
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype 6.3
Synaptics Pointing Device Driver
TurboTax 2011
TurboTax 2011 wiliper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 wiliper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Validity WBF DDK
Virtual Families
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
Windows Live Mesh ActiveX Control for Remote Connections
WinZip 16.0
XP Codec Pack
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
5/8/2013 2:12:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8800dea8970, 0x0000000000000001, 0xfffffa8008b9e2e6, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050813-34304-01.
5/8/2013 11:32:55 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 11:31:24 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 11:31:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/8/2013 11:31:23 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 11:31:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/8/2013 11:31:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/8/2013 11:31:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/8/2013 11:30:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
5/7/2013 8:43:21 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
5/7/2013 8:42:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/7/2013 8:42:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service Bluetooth Device Manager with arguments "" in order to run the server: {3428CA47-50B8-48C2-8839-48D3C4C59B23}
5/7/2013 7:53:10 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/7/2013 7:53:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/7/2013 7:53:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/7/2013 7:52:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
5/7/2013 7:52:38 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/7/2013 7:52:38 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/7/2013 7:52:38 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/7/2013 7:52:38 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/7/2013 7:52:38 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/7/2013 7:52:38 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/7/2013 7:52:38 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/7/2013 7:52:38 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/7/2013 7:52:38 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/7/2013 7:52:38 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/7/2013 7:52:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8800df8df70, 0x0000000000000001, 0xfffffa8008d342e6, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050713-23415-01.
5/7/2013 6:55:13 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
5/7/2013 6:55:13 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8801f400000, 0x0000000000000001, 0xfffffa8008d3b2e6, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
5/7/2013 4:13:25 PM, Error: Service Control Manager [7000] - The HP Wireless Assistant Service service failed to start due to the following error: The system cannot find the file specified.
5/7/2013 4:13:18 PM, Error: Service Control Manager [7000] - The Citrix Secure Access Client Service service failed to start due to the following error: The system cannot find the file specified.
5/7/2013 4:13:05 PM, Error: Service Control Manager [7000] - The Citrix cag plugin for Access Gateway service failed to start due to the following error: The system cannot find the file specified.
5/7/2013 4:13:05 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The system cannot find the file specified.
5/7/2013 4:12:22 PM, Error: Service Control Manager [7000] - The TrueSuiteService service failed to start due to the following error: The system cannot find the file specified.
5/7/2013 3:58:23 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8801f400000, 0x0000000000000001, 0xfffffa8008d292e6, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050713-29702-01.
5/7/2013 3:13:25 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8800df16570, 0x0000000000000001, 0xfffffa8008d372e6, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050713-32276-01.
5/6/2013 7:16:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8801f400000, 0x0000000000000001, 0xfffffa8008d512e6, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050613-33805-01.
5/6/2013 6:50:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8801f400000, 0x0000000000000001, 0xfffffa8008d462e6, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050613-43461-01.
5/6/2013 6:39:59 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/6/2013 3:27:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8801f400000, 0x0000000000000001, 0xfffffa8008d5f2e6, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050613-29515-01.
5/6/2013 3:24:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
5/6/2013 3:09:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8800df27550, 0x0000000000000001, 0xfffffa8008d1a2e6, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
5/5/2013 9:52:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
5/5/2013 9:52:45 AM, Error: Service Control Manager [7000] - The HP Software Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/5/2013 9:52:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
5/5/2013 9:51:57 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/5/2013 9:51:57 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
5/5/2013 9:50:54 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the OfficeSvc service.
5/5/2013 9:50:54 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
5/5/2013 9:50:54 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/5/2013 9:50:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/5/2013 3:56:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
5/5/2013 3:56:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/5/2013 2:22:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff88015d17770, 0x0000000000000001, 0xfffffa8008d1c2e6, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050513-32588-01.
5/5/2013 2:09:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff88016ba2d10, 0x0000000000000001, 0xfffffa8008d3a2e6, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050513-35755-01.
5/1/2013 8:46:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8801f400000, 0x0000000000000001, 0xfffffa80089a82e6, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050113-25896-01.
5/1/2013 8:38:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8801f400000, 0x0000000000000001, 0xfffffa8008a0d2e6, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050113-30076-01.
5/1/2013 7:00:50 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
5/1/2013 10:08:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff88019e00000, 0x0000000000000001, 0xfffffa80079282e6, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050113-36395-01.
5/1/2013 10:08:11 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
5/1/2013 10:06:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr SymNetS
5/1/2013 10:06:30 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
5/1/2013 10:06:30 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
5/1/2013 10:06:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8801f400000, 0x0000000000000001, 0xfffffa8008b442e6, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050113-28969-01.
.
==== End Of File ===========================


----------



## Mark1956 (May 7, 2011)

Please find the log from the Disk Check that you ran so I can see the results and then run the following scans.

Follow this guide to find the *chkdsk* log. *NOTE:* You need to do the search for *wininit* not *chkdsk*.
Windows 7 Disk Check log

Once the log is in view, click on *Copy* in the right-hand pane and select *"Copy details as text"*.
You can then *right click* on the message box on this forum and select *Paste* and the log will appear, add any further information asked for and then click on *Submit/Post Quick Reply* and you're done.

===========================================================

Please download RKill 
There are three buttons to choose from with different names on, select the first one and save it to your desktop.


Double-click on the *Rkill* desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and *Run As Administrator*.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at *C:\rkill.log*. Please post this in your next reply.
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.

*DO NOT* reboot, run *Malwarebytes*, let it update and run a *full* scan. If it finds anything, fix it and post the resulting log. If it finds nothing, post that log instead.

You can download Malwarebytes from here if you do not have it: Malwarebytes

============================================================

Please run these two scans and post the logs:

*SCAN 1*
Click on this link to download : ADWCleaner and save it to your desktop.

*NOTE:* If using Internet Explorer and you get an alert that stops the program downloading click on *Tools > Smartscreen Filter > Turn off Smartscreen Filter* then click on *OK* in the box that opens. Then click on the link again.

Close your browser and click on this icon on your desktop:

You will then see the screen below, click on the *Delete* button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post. If the log does not appear you should find it on your C: drive, using Windows Explorer, as ADWCleaner[S1].

*SCAN 2*
Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.


Quit all running programs. 
Start RogueKiller.exe by double clicking on the icon. 
Wait until Prescan has finished. 
Ensure all boxes are ticked under "Report" tab. 
Click on Scan. 
Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
NOTE: *DO NOT attempt to remove anything that the scan detects.*


----------



## bdarger (May 6, 2013)

chkdsk log below

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 5/6/2013 6:34:02 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: brandon-HP
Description:

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
222976 file records processed.

File verification completed.
604 large file records processed.

0 bad file records processed.

0 EA records processed.

60 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
293894 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
222976 file SDs/SIDs processed.

Cleaning up 1496 unused index entries from index $SII of file 0x9.
Cleaning up 1496 unused index entries from index $SDH of file 0x9.
Cleaning up 1496 unused security descriptors.
CHKDSK is compacting the security descriptor stream
35460 data files processed.

CHKDSK is verifying Usn Journal...
36947904 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
222960 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
134918327 free clusters processed.

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

607508479 KB total disk space.
67381140 KB in 178846 files.
108872 KB in 35463 indexes.
0 KB in bad sectors.
345155 KB in use by the system.
65536 KB occupied by the log file.
539673312 KB available on disk.

4096 bytes in each allocation unit.
151877119 total allocation units on disk.
134918328 allocation units available on disk.

Internal Info:
00 67 03 00 2f 45 03 00 9e ff 05 00 00 00 00 00 .g../E..........
97 06 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 ....<...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-05-06T23:34:02.000000000Z" />
<EventRecordID>24765</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>brandon-HP</Computer>
<Security />
</System>
<EventData>

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
222976 file records processed.

File verification completed.
604 large file records processed.

0 bad file records processed.

0 EA records processed.

60 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
293894 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
222976 file SDs/SIDs processed.

Cleaning up 1496 unused index entries from index $SII of file 0x9.
Cleaning up 1496 unused index entries from index $SDH of file 0x9.
Cleaning up 1496 unused security descriptors.
CHKDSK is compacting the security descriptor stream
35460 data files processed.

CHKDSK is verifying Usn Journal...
36947904 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
222960 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
134918327 free clusters processed.

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

607508479 KB total disk space.
67381140 KB in 178846 files.
108872 KB in 35463 indexes.
0 KB in bad sectors.
345155 KB in use by the system.
65536 KB occupied by the log file.
539673312 KB available on disk.

4096 bytes in each allocation unit.
151877119 total allocation units on disk.
134918328 allocation units available on disk.

Internal Info:
00 67 03 00 2f 45 03 00 9e ff 05 00 00 00 00 00 .g../E..........
97 06 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 ....<...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

</EventData>
</Event>


----------



## bdarger (May 6, 2013)

rkill log below

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/09/2013 09:45:51 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\brandon\Desktop\rkill\rkill-05-09-2013-09-45-53.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Disabled

* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled

* Windows Update (wuauserv) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 05/09/2013 09:46:06 AM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)


----------



## triniwiz (May 9, 2013)

Why not try to do a system restore? An update probably caused it.


----------



## bdarger (May 6, 2013)

Malwarebytes report below

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.09.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
brandon :: BRANDON-HP [administrator]

5/9/2013 9:48:50 AM
mbam-log-2013-05-09 (09-48-50).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 440500
Time elapsed: 49 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\6187721.exe (Trojan.Dropper.ED) -> Quarantined and deleted successfully.
C:\Users\brandon\AppData\Roaming\dshic.dll (Trojan.Medfos.Gen) -> Quarantined and deleted successfully.
C:\Users\brandon\AppData\Roaming\scogf.dll (Trojan.Medfos.Gen) -> Quarantined and deleted successfully.

(end)


----------



## Mark1956 (May 7, 2011)

Triniwiz, please do not suggest a System Restore when scans are being run.

Please *DO NOT* do a System Restore. Malwarebytes has detected a Trojan infection so I have requested this is moved to the Malware forum. Please do not make any changes to the system or run any scans unless requested.

Please tell me if you disabled the services listed in the RKill log:

* COM+ Event System (EventSystem)
* Security Center (wscsvc)
* Windows Update (wuauserv)

Please now reboot the system and run Malwarebytes again and post the new log. If the infections have returned we will have to dig deeper.

Please also continue with the instructions to run ADWCleaner and RogueKiller.


----------



## bdarger (May 6, 2013)

RogueKiller report below

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : brandon [Admin rights]
Mode : Scan -- Date : 05/09/2013 11:39:41
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : dshic ("C:\Windows\System32\rundll32.exe" "C:\Users\brandon\AppData\Roaming\dshic.dll",Method_Type) [7] -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : scogf ("C:\Windows\System32\rundll32.exe" "C:\Users\brandon\AppData\Roaming\scogf.dll",destroy_info_struct) [7] -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9640320AS +++++
--- User ---
[MBR] 597da898a491cb466223cfd2bd97ac05
[BSP] cb3e273f3efe7253fd0d9aafe1a5a1da : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 593270 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1215426560 | Size: 16906 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 288aa500cfe6337fa633a191681913f0
[BSP] cb3e273f3efe7253fd0d9aafe1a5a1da : Windows 7/8 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 593270 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1215426560 | Size: 16906 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 288aa500cfe6337fa633a191681913f0
[BSP] cb3e273f3efe7253fd0d9aafe1a5a1da : Windows 7/8 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 593270 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1215426560 | Size: 16906 Mo

Finished : << RKreport[1]_S_05092013_02d1139.txt >>
RKreport[1]_S_05092013_02d1139.txt


----------



## bdarger (May 6, 2013)

I did not disable anything after rkill. Just posted the log. I will run malwarebytes again now.


----------



## Mark1956 (May 7, 2011)

RogueKiller is showing signs of a Master Boot Record infection and has found the same files that Malwarebytes deleted, so the chances are the next Malwarebytes log is going to show them again; we shall see.

Proceed with the Malwarebytes scan and post the log.
Run ADWCleaner and post the log from that.

Then run this scan:

Please follow the instructions exactly as written; deviating from the instructions and trying to fix anything before I have seen the logs may make your PC unbootable. If TDSSKiller does not offer the Cure option, *DO NOT select delete*, as you may remove files needed for the system to operate.

Please download Kaspersky's *TDSSKiller* and *save it to your Desktop. <-Important!*
_-- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again._

_Be sure to print out and follow all of these instructions unless you can view them on another PC while running the program._


Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
Alternatively, you can download TDSSKiller.exe and use that instead.
Double-click on *TDSSKiller.exe* to run the tool for known TDSS variants.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
If an update is available, TDSSKiller will prompt you to update and download the most current version. Click *Load Update*. Close TDSSKiller and start again.


When the program opens, click the *Change parameters.*

Under "Additional options", check the boxes next to *Verify file digital signatures* and *Detect TDLFS file system*, then click *OK*.

Click the *Start Scan* button.

Do not use the computer during the scan.
If the scan completes with nothing found, click *Close* to exit.
If '*Suspicious objects*' are detected, the default action will be *Skip*. Leave the default set to Skip and click on *Continue*.
If *Malicious objects* are detected, they will show in the Scan results - *Select action for found objects:* and offer three options.

Ensure *Cure* is selected...then click *Continue* -> *Reboot computer* *for cure completion.*

*Important! ->* If *Cure* *is not available*, please choose *Skip* instead. *Do not choose Delete unless instructed.* If you choose *Delete* you may *remove critical system files* and make your PC *unstable* or possibly *unbootable*.

A log file named *TDSSKiller_version_date_time_log.txt* will be created and saved to the root directory (usually Local Disk C: ).
Copy and paste the contents of that file in your next reply.

_-- If TDSSKiller does not run, try renaming it. To do this, right-click on *TDSSKiller.exe*, select *Rename* and give it a random name with the *.com* file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else *before* beginning the download and saving to the computer or to perform the scan in "safe mode"._
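
The RogueKiller report quoted in this thread reads the MBR three ways (User, LL1, LL2) and marks a mismatch with `KO!`. As an added example (not part of any post here, and not RogueKiller's own code), the Python below parses that section, copied from the report in this thread, and lists what actually differs between the views. Treating User as the baseline view is an assumption, and the function names are made up for this example.

```python
import re
from dataclasses import dataclass, field

# "MBR Check" section copied from the RogueKiller report posted in this thread.
SAMPLE_MBR_CHECK = """\
+++++ PhysicalDrive0: ST9640320AS +++++
--- User ---
[MBR] 597da898a491cb466223cfd2bd97ac05
[BSP] cb3e273f3efe7253fd0d9aafe1a5a1da : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 593270 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1215426560 | Size: 16906 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 288aa500cfe6337fa633a191681913f0
[BSP] cb3e273f3efe7253fd0d9aafe1a5a1da : Windows 7/8 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 593270 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1215426560 | Size: 16906 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 288aa500cfe6337fa633a191681913f0
[BSP] cb3e273f3efe7253fd0d9aafe1a5a1da : Windows 7/8 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 593270 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1215426560 | Size: 16906 Mo
"""

DRIVE_RE = re.compile(r"^\+{5} (PhysicalDrive\d+): (.*?) \+{5}$")
VIEW_RE = re.compile(r"^--- (\w+) ---$")
HASH_RE = re.compile(r"^\[(MBR|BSP)\] ([0-9a-f]{32})\b")
PART_RE = re.compile(
    r"^\d+ - \[(\w+)\] (\S+) \((0x[0-9a-fA-F]{2})\) \[\w+\] "
    r"Offset \(sectors\): (\d+) \| Size: (\d+) Mo$")
VERDICT_RE = re.compile(r"^User != (\w+) \.\.\. KO!$")


@dataclass
class MbrView:
    mbr_md5: str = ""
    bsp_md5: str = ""
    # Keyed by content, not by index: the views number partitions differently.
    partitions: set = field(default_factory=set)


def parse_mbr_check(text):
    """Return ({drive: {view: MbrView}}, {drive: views the tool marked KO})."""
    drives, flagged = {}, {}
    drive = view = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DRIVE_RE.match(line):
            drive, view = m.group(1), None
            drives[drive], flagged[drive] = {}, set()
        elif drive is None:
            continue
        elif m := VIEW_RE.match(line):
            view = drives[drive].setdefault(m.group(1), MbrView())
        elif m := VERDICT_RE.match(line):
            flagged[drive].add(m.group(1))
        elif view is None:
            continue
        elif m := HASH_RE.match(line):
            # "[MBR] <md5>" -> mbr_md5, "[BSP] <md5>" -> bsp_md5
            setattr(view, m.group(1).lower() + "_md5", m.group(2))
        elif m := PART_RE.match(line):
            status, fs, type_id, offset, size = m.groups()
            view.partitions.add(
                (int(offset), type_id.lower(), fs, int(size), status == "ACTIVE"))
    return drives, flagged


def compare_views(views, baseline="User"):
    """List (view, kind, baseline_value, view_value) for each difference."""
    base, findings = views[baseline], []
    for name, view in views.items():
        if name == baseline:
            continue
        if view.mbr_md5 != base.mbr_md5:
            findings.append((name, "mbr_md5", base.mbr_md5, view.mbr_md5))
        if view.bsp_md5 != base.bsp_md5:
            findings.append((name, "bsp_md5", base.bsp_md5, view.bsp_md5))
        for part in sorted(base.partitions - view.partitions):
            findings.append((name, "partition_only_in_baseline", part, None))
        for part in sorted(view.partitions - base.partitions):
            findings.append((name, "partition_only_in_view", None, part))
    return findings


if __name__ == "__main__":
    parsed, _ = parse_mbr_check(SAMPLE_MBR_CHECK)
    for drive_name, drive_views in parsed.items():
        for finding in compare_views(drive_views):
            print(drive_name, *finding)
```

On this report the bootstrap-code hash is identical in all three views; the MBR hash differs, and the only partition-table difference is the FAT32-LBA entry at sector 1250050048, present only in the User view.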


----------



## bdarger (May 6, 2013)

Malwarebytes below. Running others now

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.09.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
brandon :: BRANDON-HP [administrator]

5/9/2013 11:45:29 AM
mbam-log-2013-05-09 (11-45-29).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 451331
Time elapsed: 52 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## bdarger (May 6, 2013)

Rogue kill report below



----------



## bdarger (May 6, 2013)

TDSSKiller report below

13:16:12.0016 4708 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:16:12.0624 4708 ============================================================
13:16:12.0624 4708 Current date / time: 2013/05/09 13:16:12.0624
13:16:12.0624 4708 SystemInfo:
13:16:12.0624 4708 
13:16:12.0624 4708 OS Version: 6.1.7601 ServicePack: 1.0
13:16:12.0624 4708 Product type: Workstation
13:16:12.0624 4708 ComputerName: BRANDON-HP
13:16:12.0624 4708 UserName: brandon
13:16:12.0624 4708 Windows directory: C:\Windows
13:16:12.0624 4708 System windows directory: C:\Windows
13:16:12.0624 4708 Running under WOW64
13:16:12.0624 4708 Processor architecture: Intel x64
13:16:12.0624 4708 Number of processors: 4
13:16:12.0624 4708 Page size: 0x1000
13:16:12.0624 4708 Boot type: Normal boot
13:16:12.0624 4708 ============================================================
13:16:31.0043 4708 BG loaded
13:16:33.0087 4708 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:16:33.0103 4708 ============================================================
13:16:33.0103 4708 \Device\Harddisk0\DR0:
13:16:33.0103 4708 MBR partitions:
13:16:33.0103 4708 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
13:16:33.0103 4708 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x486BB000
13:16:33.0103 4708 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4871F000, BlocksNum 0x2105000
13:16:33.0103 4708 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
13:16:33.0103 4708 ============================================================
13:16:33.0165 4708 C: <-> \Device\Harddisk0\DR0\Partition2
13:16:33.0617 4708 D: <-> \Device\Harddisk0\DR0\Partition3
13:16:33.0617 4708 ============================================================
13:16:33.0617 4708 Initialize success
13:16:33.0617 4708 ============================================================
13:17:18.0094 4656 Deinitialize success


----------



## bdarger (May 6, 2013)

The TDSS Killer seemed to have found the problem. I had been getting the BSOD when not starting my computer in safe mode. After the cure from TDSS killer I can once again run my computer regularly. Does this mean that the problem has been taken care of or are there more steps for me to do??

Thanks a ton


----------



## Mark1956 (May 7, 2011)

We are not done yet. I need to see what TDSSKiller found; you have only posted the top section of the log. Please post the whole log for me to see.

Also in my last post I asked you to do this:



> Proceed with the Malwarebytes scan and post the log.
> Run ADWCleaner and post the log from that.


You posted the Malwarebytes log, which surprisingly has come up clean, and then you posted the RogueKiller log again instead of the ADWCleaner log that I asked for.

Please now post the complete TDSSKiller log and the ADWCleaner log.


----------



## bdarger (May 6, 2013)

ADWCleaner log is below. I will re-run TDSSKiller

# AdwCleaner v2.300 - Logfile created 05/09/2013 at 20:03:42
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : brandon - BRANDON-HP
# Boot Mode : Normal
# Running from : C:\Users\brandon\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\4ifshhpy.default\prefs.js

[OK] File is clean.

File : C:\Users\sexy kate\AppData\Roaming\Mozilla\Firefox\Profiles\qk70dgxy.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [17813 octets] - [09/05/2013 10:41:19]
AdwCleaner[S2].txt - [1003 octets] - [09/05/2013 12:48:54]
AdwCleaner[S3].txt - [1063 octets] - [09/05/2013 12:55:45]
AdwCleaner[S4].txt - [1124 octets] - [09/05/2013 13:00:12]
AdwCleaner[S5].txt - [1037 octets] - [09/05/2013 20:03:42]

########## EOF - C:\AdwCleaner[S5].txt - [1097 octets] ##########


----------



## bdarger (May 6, 2013)

TDSSKiller log is below

20:08:47.0992 6596 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:08:48.0616 6596 ============================================================
20:08:48.0616 6596 Current date / time: 2013/05/09 20:08:48.0616
20:08:48.0616 6596 SystemInfo:
20:08:48.0616 6596 
20:08:48.0616 6596 OS Version: 6.1.7601 ServicePack: 1.0
20:08:48.0616 6596 Product type: Workstation
20:08:48.0616 6596 ComputerName: BRANDON-HP
20:08:48.0616 6596 UserName: brandon
20:08:48.0616 6596 Windows directory: C:\Windows
20:08:48.0616 6596 System windows directory: C:\Windows
20:08:48.0616 6596 Running under WOW64
20:08:48.0616 6596 Processor architecture: Intel x64
20:08:48.0616 6596 Number of processors: 4
20:08:48.0616 6596 Page size: 0x1000
20:08:48.0616 6596 Boot type: Normal boot
20:08:48.0616 6596 ============================================================
20:08:49.0178 6596 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:08:49.0193 6596 ============================================================
20:08:49.0193 6596 \Device\Harddisk0\DR0:
20:08:49.0193 6596 MBR partitions:
20:08:49.0193 6596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:08:49.0193 6596 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x486BB000
20:08:49.0193 6596 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4871F000, BlocksNum 0x2105000
20:08:49.0193 6596 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
20:08:49.0193 6596 ============================================================
20:08:49.0256 6596 C: <-> \Device\Harddisk0\DR0\Partition2
20:08:49.0303 6596 D: <-> \Device\Harddisk0\DR0\Partition3
20:08:49.0303 6596 ============================================================
20:08:49.0303 6596 Initialize success
20:08:49.0303 6596 ============================================================
20:09:46.0367 6820 ============================================================
20:09:46.0367 6820 Scan started
20:09:46.0367 6820 Mode: Manual; 
20:09:46.0367 6820 ============================================================
20:09:48.0629 6820 ================ Scan system memory ========================
20:09:48.0629 6820 System memory - ok
20:09:48.0629 6820 ================ Scan services =============================
20:09:50.0377 6820 Scan interrupted by user!
20:09:50.0377 6820 ================ Scan global ===============================
20:09:50.0377 6820 Scan interrupted by user!
20:09:50.0377 6820 ================ Scan MBR ==================================
20:09:50.0377 6820 Scan interrupted by user!
20:09:50.0377 6820 ================ Scan VBR ==================================
20:09:50.0377 6820 Scan interrupted by user!
20:09:50.0377 6820 ============================================================
20:09:50.0377 6820 Scan finished
20:09:50.0377 6820 ============================================================
20:09:50.0392 6812 Detected object count: 0
20:09:50.0392 6812 Actual detected object count: 0
20:09:56.0648 6912 ============================================================
20:09:56.0648 6912 Scan started
20:09:56.0648 6912 Mode: Manual; SigCheck; TDLFS; 
20:09:56.0648 6912 ============================================================
20:09:56.0804 6912 ================ Scan system memory ========================
20:09:56.0804 6912 System memory - ok
20:09:56.0804 6912 ================ Scan services =============================
20:10:10.0251 6912 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
20:10:10.0298 6912 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
20:10:10.0298 6912 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
20:10:10.0360 6912 [ 757305C7AD34222F4A46D86FE0BEE241 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
20:10:10.0423 6912 EpsonCustomerParticipation - ok
20:10:10.0438 6912 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:10:10.0485 6912 ErrDev - ok
20:10:10.0563 6912 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:10:10.0672 6912 EventSystem - ok
20:10:10.0704 6912 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:10:10.0797 6912 exfat - ok
20:10:10.0828 6912 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:10:10.0891 6912 fastfat - ok
20:10:10.0953 6912 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:10:11.0078 6912 Fax - ok
20:10:11.0109 6912 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:10:11.0156 6912 fdc - ok
20:10:11.0203 6912 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:10:11.0250 6912 fdPHost - ok
20:10:11.0265 6912 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:10:11.0312 6912 FDResPub - ok
20:10:11.0343 6912 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:10:11.0359 6912 FileInfo - ok
20:10:11.0374 6912 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:10:11.0499 6912 Filetrace - ok
20:10:11.0546 6912 [ 3D9B36631032FDE0FFEA0DC0260E4E35 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:10:11.0593 6912 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
20:10:11.0593 6912 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
20:10:11.0640 6912 [ 52C0312AB35EB7187015FB6A99136BB5 ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
20:10:11.0686 6912 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - warning
20:10:11.0686 6912 FLEXnet Licensing Service 64 - detected UnsignedFile.Multi.Generic (1)
20:10:11.0718 6912 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:10:11.0733 6912 flpydisk - ok
20:10:11.0780 6912 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:10:11.0827 6912 FltMgr - ok
20:10:11.0874 6912 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
20:10:11.0983 6912 FontCache - ok
20:10:12.0061 6912 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:10:12.0076 6912 FontCache3.0.0.0 - ok
20:10:12.0170 6912 [ CDC54DB949D1E2BBF86B0C7AB86B912E ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
20:10:12.0201 6912 FPLService - ok
20:10:12.0217 6912 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:10:12.0248 6912 FsDepends - ok
20:10:12.0295 6912 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:10:12.0326 6912 Fs_Rec - ok
20:10:12.0357 6912 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:10:12.0388 6912 fvevol - ok
20:10:12.0435 6912 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:10:12.0451 6912 gagp30kx - ok
20:10:12.0529 6912 [ D154305DE6090E6E84E525F84BB08A06 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
20:10:12.0560 6912 GameConsoleService - ok
20:10:12.0591 6912 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:10:12.0607 6912 GEARAspiWDM - ok
20:10:12.0654 6912 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:10:12.0778 6912 gpsvc - ok
20:10:12.0810 6912 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:10:12.0888 6912 hcw85cir - ok
20:10:12.0919 6912 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:10:12.0997 6912 HdAudAddService - ok
20:10:13.0044 6912 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:10:13.0106 6912 HDAudBus - ok
20:10:13.0122 6912 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:10:13.0153 6912 HidBatt - ok
20:10:13.0168 6912 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:10:13.0184 6912 HidBth - ok
20:10:13.0200 6912 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:10:13.0231 6912 HidIr - ok
20:10:13.0278 6912 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
20:10:13.0371 6912 hidserv - ok
20:10:13.0418 6912 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:10:13.0449 6912 HidUsb - ok
20:10:13.0480 6912 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:10:13.0590 6912 hkmsvc - ok
20:10:13.0636 6912 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:10:13.0668 6912 HomeGroupListener - ok
20:10:13.0714 6912 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:10:13.0761 6912 HomeGroupProvider - ok
20:10:13.0870 6912 [ 7A24AD37416B91E4B5E5B46BD25C075F ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
20:10:13.0886 6912 HP Health Check Service - ok
20:10:13.0948 6912 [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
20:10:13.0980 6912 HP Wireless Assistant Service - ok
20:10:14.0011 6912 [ 3DC11A802353401332D49C3CBFBBE5FC ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
20:10:14.0042 6912 HPClientSvc - ok
20:10:14.0104 6912 [ 2A047E7E0F1018E3134A4065636F2025 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
20:10:14.0136 6912 HPDrvMntSvc.exe - ok
20:10:14.0167 6912 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
20:10:14.0182 6912 hpdskflt - ok
20:10:14.0229 6912 [ 59CB6A1CA093EDC2881598A45518857D ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
20:10:14.0276 6912 hpqwmiex - ok
20:10:14.0323 6912 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:10:14.0354 6912 HpSAMD - ok
20:10:14.0385 6912 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
20:10:14.0401 6912 hpsrv - ok
20:10:14.0448 6912 [ F630DD7564EBB7248A13B1CC774D9EA6 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
20:10:14.0463 6912 HPWMISVC - ok
20:10:14.0510 6912 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:10:14.0635 6912 HTTP - ok
20:10:14.0682 6912 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:10:14.0713 6912 hwpolicy - ok
20:10:14.0760 6912 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:10:14.0791 6912 i8042prt - ok
20:10:14.0838 6912 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:10:14.0869 6912 iaStor - ok
20:10:14.0962 6912 [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:10:14.0978 6912 IAStorDataMgrSvc - ok
20:10:15.0025 6912 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:10:15.0087 6912 iaStorV - ok
20:10:15.0150 6912 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:10:15.0212 6912 idsvc - ok
20:10:15.0306 6912 [ 18C40C3F368323B203ACE403CB430DB1 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120406.002\IDSvia64.sys
20:10:15.0337 6912 IDSVia64 - ok
20:10:15.0586 6912 [ 6383899C5F964D71B0F96B81FBE59BB8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:10:16.0008 6912 igfx - ok
20:10:16.0039 6912 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:10:16.0070 6912 iirsp - ok
20:10:16.0117 6912 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:10:16.0226 6912 IKEEXT - ok
20:10:16.0257 6912 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
20:10:16.0335 6912 IntcDAud - ok
20:10:16.0382 6912 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:10:16.0413 6912 intelide - ok
20:10:16.0444 6912 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:10:16.0491 6912 intelppm - ok
20:10:16.0600 6912 [ D9DA7B3117BF5EFF921C0CDED4D58050 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
20:10:16.0616 6912 IntuitUpdateServiceV4 - ok
20:10:16.0647 6912 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:10:16.0725 6912 IPBusEnum - ok
20:10:16.0756 6912 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:10:16.0850 6912 IpFilterDriver - ok
20:10:16.0897 6912 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:10:16.0975 6912 iphlpsvc - ok
20:10:16.0990 6912 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:10:17.0053 6912 IPMIDRV - ok
20:10:17.0084 6912 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:10:17.0209 6912 IPNAT - ok
20:10:17.0287 6912 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:10:17.0365 6912 iPod Service - ok
20:10:17.0380 6912 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:10:17.0490 6912 IRENUM - ok
20:10:17.0536 6912 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:10:17.0568 6912 isapnp - ok
20:10:17.0583 6912 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:10:17.0630 6912 iScsiPrt - ok
20:10:17.0661 6912 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:10:17.0692 6912 kbdclass - ok
20:10:17.0724 6912 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:10:17.0755 6912 kbdhid - ok
20:10:17.0770 6912 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:10:17.0802 6912 KeyIso - ok
20:10:17.0817 6912 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:10:17.0848 6912 KSecDD - ok
20:10:17.0864 6912 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:10:17.0895 6912 KSecPkg - ok
20:10:17.0926 6912 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:10:18.0004 6912 ksthunk - ok
20:10:18.0036 6912 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:10:18.0129 6912 KtmRm - ok
20:10:18.0176 6912 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:10:18.0285 6912 LanmanServer - ok
20:10:18.0316 6912 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:10:18.0410 6912 LanmanWorkstation - ok
20:10:18.0488 6912 [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:10:18.0504 6912 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:10:18.0504 6912 LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:10:18.0519 6912 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:10:18.0628 6912 lltdio - ok
20:10:18.0660 6912 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:10:18.0769 6912 lltdsvc - ok
20:10:18.0800 6912 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:10:18.0831 6912 lmhosts - ok
20:10:18.0878 6912 [ C463A25F01C6237295917417C5E9E344 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:10:18.0909 6912 LMS - ok
20:10:18.0956 6912 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:10:18.0987 6912 LSI_FC - ok
20:10:19.0003 6912 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:10:19.0018 6912 LSI_SAS - ok
20:10:19.0018 6912 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:10:19.0050 6912 LSI_SAS2 - ok
20:10:19.0050 6912 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:10:19.0065 6912 LSI_SCSI - ok
20:10:19.0096 6912 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:10:19.0174 6912 luafv - ok
20:10:19.0221 6912 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:10:19.0268 6912 Mcx2Svc - ok
20:10:19.0299 6912 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:10:19.0315 6912 megasas - ok
20:10:19.0346 6912 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:10:19.0377 6912 MegaSR - ok
20:10:19.0408 6912 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
20:10:19.0440 6912 MEIx64 - ok
20:10:19.0471 6912 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:10:19.0564 6912 MMCSS - ok
20:10:19.0611 6912 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:10:19.0720 6912 Modem - ok
20:10:19.0752 6912 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:10:19.0814 6912 monitor - ok
20:10:19.0861 6912 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:10:19.0892 6912 mouclass - ok
20:10:19.0923 6912 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:10:19.0954 6912 mouhid - ok
20:10:20.0001 6912 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:10:20.0032 6912 mountmgr - ok
20:10:20.0110 6912 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:10:20.0142 6912 MozillaMaintenance - ok
20:10:20.0157 6912 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:10:20.0188 6912 mpio - ok
20:10:20.0220 6912 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:10:20.0298 6912 mpsdrv - ok
20:10:20.0329 6912 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:10:20.0438 6912 MpsSvc - ok
20:10:20.0469 6912 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:10:20.0532 6912 MRxDAV - ok
20:10:20.0578 6912 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:10:20.0656 6912 mrxsmb - ok
20:10:20.0672 6912 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:10:20.0734 6912 mrxsmb10 - ok
20:10:20.0766 6912 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:10:20.0797 6912 mrxsmb20 - ok
20:10:20.0828 6912 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:10:20.0859 6912 msahci - ok
20:10:20.0875 6912 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:10:20.0906 6912 msdsm - ok
20:10:20.0922 6912 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:10:20.0968 6912 MSDTC - ok
20:10:21.0000 6912 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:10:21.0062 6912 Msfs - ok
20:10:21.0078 6912 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:10:21.0109 6912 mshidkmdf - ok
20:10:21.0140 6912 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:10:21.0140 6912 msisadrv - ok
20:10:21.0171 6912 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:10:21.0218 6912 MSiSCSI - ok
20:10:21.0218 6912 msiserver - ok
20:10:21.0265 6912 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:10:21.0327 6912 MSKSSRV - ok
20:10:21.0327 6912 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:10:21.0374 6912 MSPCLOCK - ok
20:10:21.0405 6912 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:10:21.0468 6912 MSPQM - ok
20:10:21.0514 6912 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:10:21.0546 6912 MsRPC - ok
20:10:21.0592 6912 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:10:21.0608 6912 mssmbios - ok
20:10:21.0639 6912 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:10:21.0717 6912 MSTEE - ok
20:10:21.0717 6912 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:10:21.0733 6912 MTConfig - ok
20:10:21.0764 6912 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:10:21.0764 6912 Mup - ok
20:10:21.0795 6912 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:10:21.0904 6912 napagent - ok
20:10:21.0967 6912 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:10:22.0029 6912 NativeWifiP - ok
20:10:22.0123 6912 [ 2DBE90210DE76BE6E1653BB20EC70EC2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120406.034\ENG64.SYS
20:10:22.0138 6912 NAVENG - ok
20:10:22.0216 6912 [ 346DA70E203B8E2C850277713DE8F71B ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120406.034\EX64.SYS
20:10:22.0326 6912 NAVEX15 - ok
20:10:22.0372 6912 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:10:22.0435 6912 NDIS - ok
20:10:22.0466 6912 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:10:22.0544 6912 NdisCap - ok
20:10:22.0575 6912 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:10:22.0669 6912 NdisTapi - ok
20:10:22.0700 6912 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:10:22.0794 6912 Ndisuio - ok
20:10:22.0825 6912 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:10:22.0903 6912 NdisWan - ok
20:10:22.0950 6912 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:10:23.0059 6912 NDProxy - ok
20:10:23.0106 6912 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:10:23.0184 6912 NetBIOS - ok
20:10:23.0230 6912 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:10:23.0355 6912 NetBT - ok
20:10:23.0386 6912 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:10:23.0418 6912 Netlogon - ok
20:10:23.0464 6912 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:10:23.0605 6912 Netman - ok
20:10:23.0652 6912 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:10:23.0776 6912 netprofm - ok
20:10:23.0823 6912 [ 24CF1304D899124336F67F88F3C15E21 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
20:10:23.0886 6912 netr28x - ok
20:10:23.0901 6912 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:10:23.0932 6912 NetTcpPortSharing - ok
20:10:24.0104 6912 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
20:10:24.0322 6912 netw5v64 - ok
20:10:24.0338 6912 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:10:24.0354 6912 nfrd960 - ok
20:10:24.0416 6912 [ E78A365CC3E0FBFC018A33DCE01909F8 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
20:10:24.0447 6912 NIS - ok
20:10:24.0478 6912 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:10:24.0541 6912 NlaSvc - ok
20:10:24.0588 6912 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:10:24.0666 6912 Npfs - ok
20:10:24.0697 6912 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:10:24.0806 6912 nsi - ok
20:10:24.0822 6912 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:10:24.0853 6912 nsiproxy - ok
20:10:24.0900 6912 [ 08849429CE646B4D10892D239F9D6A7A ] nsverctl C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
20:10:24.0915 6912 nsverctl - ok
20:10:24.0962 6912 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:10:25.0024 6912 Ntfs - ok
20:10:25.0056 6912 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:10:25.0149 6912 Null - ok
20:10:25.0180 6912 [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
20:10:25.0212 6912 nusb3hub - ok
20:10:25.0258 6912 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:10:25.0290 6912 nusb3xhc - ok
20:10:25.0321 6912 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:10:25.0352 6912 nvraid - ok
20:10:25.0383 6912 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:10:25.0399 6912 nvstor - ok
20:10:25.0430 6912 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:10:25.0461 6912 nv_agp - ok
20:10:25.0586 6912 [ E0506331F0454C347B28B2AE4BD14636 ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
20:10:25.0711 6912 OfficeSvc - ok
20:10:25.0758 6912 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:10:25.0789 6912 ohci1394 - ok
20:10:25.0882 6912 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:10:25.0914 6912 ose - ok
20:10:26.0226 6912 [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:10:26.0366 6912 osppsvc - ok
20:10:26.0413 6912 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:10:26.0491 6912 p2pimsvc - ok
20:10:26.0538 6912 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:10:26.0584 6912 p2psvc - ok
20:10:26.0616 6912 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:10:26.0647 6912 Parport - ok
20:10:26.0678 6912 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:10:26.0709 6912 partmgr - ok
20:10:26.0740 6912 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:10:26.0818 6912 PcaSvc - ok
20:10:26.0850 6912 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:10:26.0865 6912 pci - ok
20:10:26.0896 6912 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:10:26.0928 6912 pciide - ok
20:10:26.0959 6912 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:10:26.0990 6912 pcmcia - ok
20:10:27.0006 6912 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:10:27.0021 6912 pcw - ok
20:10:27.0084 6912 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:10:27.0208 6912 PEAUTH - ok
20:10:27.0380 6912 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:10:27.0442 6912 PerfHost - ok
20:10:27.0645 6912 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:10:27.0801 6912 pla - ok
20:10:27.0848 6912 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:10:27.0942 6912 PlugPlay - ok
20:10:27.0988 6912 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:10:28.0020 6912 PNRPAutoReg - ok
20:10:28.0051 6912 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:10:28.0082 6912 PNRPsvc - ok
20:10:28.0160 6912 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:10:28.0285 6912 PolicyAgent - ok
20:10:28.0347 6912 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:10:28.0472 6912 Power - ok
20:10:28.0519 6912 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:10:28.0628 6912 PptpMiniport - ok
20:10:28.0659 6912 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:10:28.0706 6912 Processor - ok
20:10:28.0768 6912 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:10:28.0862 6912 ProfSvc - ok
20:10:28.0878 6912 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:10:28.0909 6912 ProtectedStorage - ok
20:10:28.0940 6912 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:10:29.0049 6912 Psched - ok
20:10:29.0112 6912 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:10:29.0221 6912 ql2300 - ok
20:10:29.0236 6912 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:10:29.0252 6912 ql40xx - ok
20:10:29.0283 6912 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:10:29.0361 6912 QWAVE - ok
20:10:29.0392 6912 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:10:29.0439 6912 QWAVEdrv - ok
20:10:29.0486 6912 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:10:29.0580 6912 RasAcd - ok
20:10:29.0611 6912 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:10:29.0673 6912 RasAgileVpn - ok
20:10:29.0689 6912 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:10:29.0782 6912 RasAuto - ok
20:10:29.0814 6912 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:10:29.0907 6912 Rasl2tp - ok
20:10:29.0938 6912 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:10:30.0032 6912 RasMan - ok
20:10:30.0079 6912 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:10:30.0172 6912 RasPppoe - ok
20:10:30.0188 6912 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:10:30.0282 6912 RasSstp - ok
20:10:30.0375 6912 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:10:30.0500 6912 rdbss - ok
20:10:30.0547 6912 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:10:30.0609 6912 rdpbus - ok
20:10:30.0640 6912 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:10:30.0734 6912 RDPCDD - ok
20:10:30.0781 6912 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:10:30.0874 6912 RDPENCDD - ok
20:10:30.0890 6912 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:10:30.0937 6912 RDPREFMP - ok
20:10:49.0626 6912 ================ Scan global ===============================
20:10:49.0672 6912 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:10:49.0704 6912 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
20:10:49.0735 6912 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
20:10:49.0766 6912 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:10:49.0813 6912 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:10:49.0813 6912 [Global] - ok
20:10:49.0813 6912 ================ Scan MBR ==================================
20:10:49.0828 6912 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:10:51.0076 6912 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:10:51.0076 6912 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:10:51.0092 6912 ================ Scan VBR ==================================
20:10:51.0092 6912 [ 22DD9776BBBCE3ACA8CE6E6ABE32B66F ] \Device\Harddisk0\DR0\Partition1
20:10:51.0154 6912 \Device\Harddisk0\DR0\Partition1 - ok
20:10:51.0170 6912 [ 2DD336662FEAF8DFCB7D6393A56BD338 ] \Device\Harddisk0\DR0\Partition2
20:10:51.0170 6912 \Device\Harddisk0\DR0\Partition2 - ok
20:10:51.0607 6912 [ 9A38CA6698648C1C930FDE0569DC7C92 ] \Device\Harddisk0\DR0\Partition3
20:10:51.0622 6912 \Device\Harddisk0\DR0\Partition3 - ok
20:10:52.0371 6912 [ E538711485DBF7D37B15663ED2DFF791 ] \Device\Harddisk0\DR0\Partition4
20:10:52.0387 6912 \Device\Harddisk0\DR0\Partition4 - ok
20:10:52.0387 6912 ============================================================
20:10:52.0387 6912 Scan finished
20:10:52.0387 6912 ============================================================
20:10:52.0402 6904 Detected object count: 5
20:10:52.0402 6904 Actual detected object count: 5
20:11:05.0865 6904 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
20:11:05.0865 6904 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:11:05.0865 6904 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:11:05.0865 6904 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:11:05.0865 6904 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - skipped by user
20:11:05.0865 6904 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:11:05.0881 6904 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:11:05.0881 6904 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:11:05.0881 6904 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:11:05.0881 6904 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


----------



## Mark1956 (May 7, 2011)

That scan indicates that a Rootkit infection was removed in the first scan, but I still need to see the first scan results. You will find the log saved to your C: drive; please put it in your next post.


----------



## bdarger (May 6, 2013)

First scan is below

13:11:11.0998 4624 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:11:12.0451 4624 ============================================================
13:11:12.0451 4624 Current date / time: 2013/05/09 13:11:12.0451
13:11:12.0451 4624 SystemInfo:
13:11:12.0451 4624 
13:11:12.0451 4624 OS Version: 6.1.7601 ServicePack: 1.0
13:11:12.0451 4624 Product type: Workstation
13:11:12.0451 4624 ComputerName: BRANDON-HP
13:11:12.0451 4624 UserName: brandon
13:11:12.0451 4624 Windows directory: C:\Windows
13:11:12.0451 4624 System windows directory: C:\Windows
13:11:12.0451 4624 Running under WOW64
13:11:12.0451 4624 Processor architecture: Intel x64
13:11:12.0451 4624 Number of processors: 4
13:11:12.0451 4624 Page size: 0x1000
13:11:12.0451 4624 Boot type: Safe boot with network
13:11:12.0451 4624 ============================================================
13:11:13.0184 4624 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:11:13.0184 4624 ============================================================
13:11:13.0184 4624 \Device\Harddisk0\DR0:
13:11:13.0184 4624 MBR partitions:
13:11:13.0184 4624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
13:11:13.0184 4624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x486BB000
13:11:13.0184 4624 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4871F000, BlocksNum 0x2105000
13:11:13.0184 4624 ============================================================
13:11:13.0200 4624 C: <-> \Device\Harddisk0\DR0\Partition2
13:11:13.0262 4624 D: <-> \Device\Harddisk0\DR0\Partition3
13:11:13.0262 4624 ============================================================
13:11:13.0262 4624 Initialize success
13:11:13.0262 4624 ============================================================
13:11:37.0863 0344 ============================================================
13:11:37.0863 0344 Scan started
13:11:37.0863 0344 Mode: Manual; SigCheck; TDLFS; 
13:11:37.0863 0344 ============================================================
13:11:40.0859 0344 ================ Scan system memory ========================
13:11:40.0859 0344 System memory - ok
13:11:40.0859 0344 ================ Scan services =============================
13:11:48.0081 0344 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:11:48.0128 0344 clr_optimization_v4.0.30319_32 - ok
13:11:48.0191 0344 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:11:48.0206 0344 clr_optimization_v4.0.30319_64 - ok
13:11:48.0253 0344 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
13:11:48.0253 0344 clwvd - ok
13:11:48.0300 0344 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:11:48.0331 0344 CmBatt - ok
13:11:48.0378 0344 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:11:48.0393 0344 cmdide - ok
13:11:48.0425 0344 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
13:11:48.0471 0344 CNG - ok
13:11:48.0518 0344 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:11:48.0534 0344 Compbatt - ok
13:11:48.0581 0344 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:11:48.0612 0344 CompositeBus - ok
13:11:48.0627 0344 COMSysApp - ok
13:11:48.0659 0344 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:11:48.0674 0344 crcdisk - ok
13:11:48.0721 0344 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:11:48.0783 0344 CryptSvc - ok
13:11:48.0830 0344 [ 5C5EECDD72C392F05328356FFCDF19AB ] ctxva51 C:\Windows\system32\DRIVERS\ctxva51.sys
13:11:48.0846 0344 ctxva51 - ok
13:11:48.0908 0344 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:11:48.0986 0344 DcomLaunch - ok
13:11:49.0002 0344 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:11:49.0080 0344 defragsvc - ok
13:11:49.0127 0344 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:11:49.0205 0344 DfsC - ok
13:11:49.0251 0344 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
13:11:49.0314 0344 Dhcp - ok
13:11:49.0329 0344 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:11:49.0376 0344 discache - ok
13:11:49.0454 0344 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:11:49.0454 0344 Disk - ok
13:11:49.0517 0344 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
13:11:49.0517 0344 DNE - ok
13:11:49.0548 0344 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:11:49.0610 0344 Dnscache - ok
13:11:49.0641 0344 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:11:49.0719 0344 dot3svc - ok
13:11:49.0751 0344 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
13:11:49.0813 0344 DPS - ok
13:11:49.0860 0344 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:11:49.0907 0344 drmkaud - ok
13:11:49.0969 0344 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:11:50.0016 0344 DXGKrnl - ok
13:11:50.0063 0344 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:11:50.0125 0344 EapHost - ok
13:11:50.0203 0344 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:11:50.0328 0344 ebdrv - ok
13:11:50.0390 0344 [ 0C3F9EFF8DDD9F9EB56D754B4620155F ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
13:11:50.0406 0344 eeCtrl - ok
13:11:50.0437 0344 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
13:11:50.0484 0344 EFS - ok
13:11:50.0577 0344 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:11:50.0655 0344 ehRecvr - ok
13:11:50.0687 0344 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:11:50.0749 0344 ehSched - ok
13:11:50.0796 0344 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:11:50.0827 0344 elxstor - ok
13:11:50.0858 0344 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
13:11:50.0889 0344 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
13:11:50.0889 0344 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
13:11:50.0967 0344 [ 757305C7AD34222F4A46D86FE0BEE241 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
13:11:50.0999 0344 EpsonCustomerParticipation - ok
13:11:51.0045 0344 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:11:51.0077 0344 ErrDev - ok
13:11:51.0123 0344 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:11:51.0217 0344 EventSystem - ok
13:11:51.0248 0344 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:11:51.0326 0344 exfat - ok
13:11:51.0342 0344 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:11:51.0404 0344 fastfat - ok
13:11:51.0482 0344 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:11:51.0560 0344 Fax - ok
13:11:51.0576 0344 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:11:51.0607 0344 fdc - ok
13:11:51.0669 0344 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:11:51.0716 0344 fdPHost - ok
13:11:51.0732 0344 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:11:51.0794 0344 FDResPub - ok
13:11:51.0825 0344 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:11:51.0841 0344 FileInfo - ok
13:11:51.0857 0344 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:11:51.0919 0344 Filetrace - ok
13:11:51.0966 0344 [ 3D9B36631032FDE0FFEA0DC0260E4E35 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:11:51.0981 0344 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:11:51.0981 0344 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:11:52.0013 0344 [ 52C0312AB35EB7187015FB6A99136BB5 ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
13:11:52.0044 0344 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - warning
13:11:52.0044 0344 FLEXnet Licensing Service 64 - detected UnsignedFile.Multi.Generic (1)
13:11:52.0059 0344 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:11:52.0075 0344 flpydisk - ok
13:11:52.0122 0344 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:11:52.0137 0344 FltMgr - ok
13:11:52.0184 0344 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
13:11:52.0278 0344 FontCache - ok
13:11:52.0325 0344 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:11:52.0340 0344 FontCache3.0.0.0 - ok
13:11:52.0418 0344 [ CDC54DB949D1E2BBF86B0C7AB86B912E ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
13:11:52.0434 0344 FPLService - ok
13:11:52.0465 0344 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:11:52.0481 0344 FsDepends - ok
13:11:52.0496 0344 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:11:52.0512 0344 Fs_Rec - ok
13:11:52.0574 0344 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:11:52.0590 0344 fvevol - ok
13:11:52.0621 0344 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:11:52.0637 0344 gagp30kx - ok
13:11:52.0730 0344 [ D154305DE6090E6E84E525F84BB08A06 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
13:11:52.0746 0344 GameConsoleService - ok
13:11:52.0777 0344 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:11:52.0793 0344 GEARAspiWDM - ok
13:11:52.0808 0344 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:11:52.0902 0344 gpsvc - ok
13:11:52.0917 0344 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:11:52.0980 0344 hcw85cir - ok
13:11:53.0027 0344 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:11:53.0042 0344 HdAudAddService - ok
13:11:53.0073 0344 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:11:53.0120 0344 HDAudBus - ok
13:11:53.0151 0344 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:11:53.0183 0344 HidBatt - ok
13:11:53.0214 0344 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:11:53.0229 0344 HidBth - ok
13:11:53.0245 0344 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:11:53.0292 0344 HidIr - ok
13:11:53.0323 0344 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
13:11:53.0385 0344 hidserv - ok
13:11:53.0463 0344 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:11:53.0463 0344 HidUsb - ok
13:11:53.0495 0344 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:11:53.0573 0344 hkmsvc - ok
13:11:53.0651 0344 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:11:53.0666 0344 HomeGroupListener - ok
13:11:53.0713 0344 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:11:53.0744 0344 HomeGroupProvider - ok
13:11:53.0838 0344 [ 7A24AD37416B91E4B5E5B46BD25C075F ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
13:11:53.0838 0344 HP Health Check Service - ok
13:11:53.0900 0344 [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
13:11:53.0916 0344 HP Wireless Assistant Service - ok
13:11:53.0947 0344 [ 3DC11A802353401332D49C3CBFBBE5FC ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
13:11:53.0963 0344 HPClientSvc - ok
13:11:54.0025 0344 [ 2A047E7E0F1018E3134A4065636F2025 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
13:11:54.0025 0344 HPDrvMntSvc.exe - ok
13:11:54.0056 0344 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
13:11:54.0087 0344 hpdskflt - ok
13:11:54.0103 0344 [ 59CB6A1CA093EDC2881598A45518857D ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
13:11:54.0150 0344 hpqwmiex - ok
13:11:54.0197 0344 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:11:54.0212 0344 HpSAMD - ok
13:11:54.0243 0344 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
13:11:54.0259 0344 hpsrv - ok
13:11:54.0321 0344 [ F630DD7564EBB7248A13B1CC774D9EA6 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
13:11:54.0337 0344 HPWMISVC - ok
13:11:54.0399 0344 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:11:54.0477 0344 HTTP - ok
13:11:54.0524 0344 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:11:54.0540 0344 hwpolicy - ok
13:11:54.0602 0344 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:11:54.0618 0344 i8042prt - ok
13:11:54.0665 0344 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
13:11:54.0680 0344 iaStor - ok
13:11:54.0774 0344 [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
13:11:54.0789 0344 IAStorDataMgrSvc - ok
13:11:54.0821 0344 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:11:54.0852 0344 iaStorV - ok
13:11:54.0914 0344 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:11:54.0945 0344 idsvc - ok
13:11:55.0023 0344 [ 18C40C3F368323B203ACE403CB430DB1 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120406.002\IDSvia64.sys
13:11:55.0055 0344 IDSVia64 - ok
13:11:55.0367 0344 [ 6383899C5F964D71B0F96B81FBE59BB8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
13:11:55.0757 0344 igfx - ok
13:11:55.0788 0344 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:11:55.0803 0344 iirsp - ok
13:11:55.0835 0344 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:11:55.0913 0344 IKEEXT - ok
13:11:55.0959 0344 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
13:11:56.0022 0344 IntcDAud - ok
13:11:56.0053 0344 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:11:56.0069 0344 intelide - ok
13:11:56.0115 0344 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:11:56.0147 0344 intelppm - ok
13:11:56.0225 0344 [ D9DA7B3117BF5EFF921C0CDED4D58050 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
13:11:56.0225 0344 IntuitUpdateServiceV4 - ok
13:11:56.0256 0344 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:11:56.0318 0344 IPBusEnum - ok
13:11:56.0349 0344 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:11:56.0396 0344 IpFilterDriver - ok
13:11:56.0443 0344 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:11:56.0490 0344 iphlpsvc - ok
13:11:56.0505 0344 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:11:56.0537 0344 IPMIDRV - ok
13:11:56.0568 0344 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:11:56.0615 0344 IPNAT - ok
13:11:56.0677 0344 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:11:56.0724 0344 iPod Service - ok
13:11:56.0755 0344 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:11:56.0880 0344 IRENUM - ok
13:11:56.0911 0344 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:11:56.0911 0344 isapnp - ok
13:11:56.0958 0344 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:11:56.0973 0344 iScsiPrt - ok
13:11:57.0020 0344 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:11:57.0020 0344 kbdclass - ok
13:11:57.0067 0344 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:11:57.0083 0344 kbdhid - ok
13:11:57.0098 0344 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:11:57.0098 0344 KeyIso - ok
13:11:57.0129 0344 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:11:57.0129 0344 KSecDD - ok
13:11:57.0161 0344 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:11:57.0176 0344 KSecPkg - ok
13:11:57.0223 0344 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:11:57.0270 0344 ksthunk - ok
13:11:57.0317 0344 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:11:57.0379 0344 KtmRm - ok
13:11:57.0426 0344 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:11:57.0473 0344 LanmanServer - ok
13:11:57.0535 0344 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:11:57.0629 0344 LanmanWorkstation - ok
13:11:57.0675 0344 [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
13:11:57.0691 0344 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
13:11:57.0691 0344 LightScribeService - detected UnsignedFile.Multi.Generic (1)
13:11:57.0722 0344 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:11:57.0785 0344 lltdio - ok
13:11:57.0816 0344 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:11:57.0894 0344 lltdsvc - ok
13:11:57.0894 0344 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:11:57.0956 0344 lmhosts - ok
13:11:58.0019 0344 [ C463A25F01C6237295917417C5E9E344 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:11:58.0034 0344 LMS - ok
13:11:58.0065 0344 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:11:58.0081 0344 LSI_FC - ok
13:11:58.0097 0344 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:11:58.0112 0344 LSI_SAS - ok
13:11:58.0112 0344 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:11:58.0128 0344 LSI_SAS2 - ok
13:11:58.0143 0344 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:11:58.0159 0344 LSI_SCSI - ok
13:11:58.0190 0344 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:11:58.0268 0344 luafv - ok
13:11:58.0284 0344 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:11:58.0331 0344 Mcx2Svc - ok
13:11:58.0377 0344 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:11:58.0393 0344 megasas - ok
13:11:58.0409 0344 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:11:58.0424 0344 MegaSR - ok
13:11:58.0487 0344 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
13:11:58.0502 0344 MEIx64 - ok
13:11:58.0533 0344 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:11:58.0627 0344 MMCSS - ok
13:11:58.0658 0344 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:11:58.0736 0344 Modem - ok
13:11:58.0799 0344 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:11:58.0845 0344 monitor - ok
13:11:58.0908 0344 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:11:58.0908 0344 mouclass - ok
13:11:58.0939 0344 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:11:58.0955 0344 mouhid - ok
13:11:58.0986 0344 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:11:59.0017 0344 mountmgr - ok
13:11:59.0173 0344 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:11:59.0189 0344 MozillaMaintenance - ok
13:11:59.0235 0344 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:11:59.0251 0344 mpio - ok
13:11:59.0282 0344 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:11:59.0329 0344 mpsdrv - ok
13:11:59.0376 0344 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:11:59.0469 0344 MpsSvc - ok
13:11:59.0501 0344 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:11:59.0547 0344 MRxDAV - ok
13:11:59.0594 0344 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:11:59.0657 0344 mrxsmb - ok
13:11:59.0672 0344 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:11:59.0703 0344 mrxsmb10 - ok
13:11:59.0735 0344 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:11:59.0750 0344 mrxsmb20 - ok
13:11:59.0766 0344 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:11:59.0781 0344 msahci - ok
13:11:59.0828 0344 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:11:59.0844 0344 msdsm - ok
13:11:59.0859 0344 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:11:59.0891 0344 MSDTC - ok
13:11:59.0922 0344 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:11:59.0969 0344 Msfs - ok
13:11:59.0984 0344 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:12:00.0031 0344 mshidkmdf - ok
13:12:00.0047 0344 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:12:00.0062 0344 msisadrv - ok
13:12:00.0109 0344 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:12:00.0156 0344 MSiSCSI - ok
13:12:00.0171 0344 msiserver - ok
13:12:00.0218 0344 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:12:00.0281 0344 MSKSSRV - ok
13:12:00.0281 0344 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:12:00.0343 0344 MSPCLOCK - ok
13:12:00.0359 0344 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:12:00.0421 0344 MSPQM - ok
13:12:00.0468 0344 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:12:00.0499 0344 MsRPC - ok
13:12:00.0530 0344 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:12:00.0530 0344 mssmbios - ok
13:12:00.0546 0344 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:12:00.0624 0344 MSTEE - ok
13:12:00.0624 0344 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:12:00.0671 0344 MTConfig - ok
13:12:00.0702 0344 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:12:00.0717 0344 Mup - ok
13:12:00.0749 0344 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:12:00.0827 0344 napagent - ok
13:12:00.0873 0344 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:12:00.0920 0344 NativeWifiP - ok
13:12:00.0998 0344 [ 2DBE90210DE76BE6E1653BB20EC70EC2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120406.034\ENG64.SYS
13:12:01.0014 0344 NAVENG - ok
13:12:01.0076 0344 [ 346DA70E203B8E2C850277713DE8F71B ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120406.034\EX64.SYS
13:12:01.0154 0344 NAVEX15 - ok
13:12:01.0217 0344 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:12:01.0263 0344 NDIS - ok
13:12:01.0295 0344 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:12:01.0373 0344 NdisCap - ok
13:12:01.0388 0344 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:12:01.0419 0344 NdisTapi - ok
13:12:01.0466 0344 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:12:01.0497 0344 Ndisuio - ok
13:12:01.0529 0344 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:12:01.0591 0344 NdisWan - ok
13:12:01.0622 0344 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:12:01.0685 0344 NDProxy - ok
13:12:01.0747 0344 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:12:01.0809 0344 NetBIOS - ok
13:12:01.0856 0344 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:12:01.0919 0344 NetBT - ok
13:12:01.0934 0344 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:12:01.0950 0344 Netlogon - ok
13:12:01.0997 0344 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:12:02.0059 0344 Netman - ok
13:12:02.0090 0344 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:12:02.0168 0344 netprofm - ok
13:12:02.0231 0344 [ 24CF1304D899124336F67F88F3C15E21 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
13:12:02.0262 0344 netr28x - ok
13:12:02.0277 0344 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:12:02.0293 0344 NetTcpPortSharing - ok
13:12:02.0449 0344 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
13:12:02.0589 0344 netw5v64 - ok
13:12:02.0605 0344 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:12:02.0621 0344 nfrd960 - ok
13:12:02.0667 0344 [ E78A365CC3E0FBFC018A33DCE01909F8 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
13:12:02.0699 0344 NIS - ok
13:12:02.0761 0344 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:12:02.0808 0344 NlaSvc - ok
13:12:02.0839 0344 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:12:02.0886 0344 Npfs - ok
13:12:02.0933 0344 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:12:03.0011 0344 nsi - ok
13:12:03.0042 0344 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:12:03.0089 0344 nsiproxy - ok
13:12:03.0167 0344 [ 08849429CE646B4D10892D239F9D6A7A ] nsverctl C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
13:12:03.0182 0344 nsverctl - ok
13:12:03.0276 0344 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:12:03.0338 0344 Ntfs - ok
13:12:03.0354 0344 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:12:03.0432 0344 Null - ok
13:12:03.0463 0344 [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
13:12:03.0494 0344 nusb3hub - ok
13:12:03.0510 0344 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:12:03.0557 0344 nusb3xhc - ok
13:12:03.0588 0344 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:12:03.0588 0344 nvraid - ok
13:12:03.0619 0344 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:12:03.0635 0344 nvstor - ok
13:12:03.0650 0344 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:12:03.0666 0344 nv_agp - ok
13:12:03.0791 0344 [ E0506331F0454C347B28B2AE4BD14636 ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
13:12:03.0853 0344 OfficeSvc - ok
13:12:03.0884 0344 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:12:03.0900 0344 ohci1394 - ok
13:12:03.0978 0344 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:12:03.0993 0344 ose - ok
13:12:04.0149 0344 [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:12:04.0305 0344 osppsvc - ok
13:12:04.0352 0344 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:12:04.0415 0344 p2pimsvc - ok
13:12:04.0446 0344 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:12:04.0461 0344 p2psvc - ok
13:12:04.0493 0344 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:12:04.0493 0344 Parport - ok
13:12:04.0524 0344 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:12:04.0539 0344 partmgr - ok
13:12:20.0779 0344 ================ Scan global ===============================
13:12:20.0826 0344 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:12:20.0857 0344 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
13:12:20.0857 0344 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
13:12:20.0888 0344 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:12:20.0904 0344 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:12:20.0904 0344 [Global] - ok
13:12:20.0904 0344 ================ Scan MBR ==================================
13:12:20.0919 0344 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:12:20.0919 0344 Suspicious mbr (Forged): \Device\Harddisk0\DR0
13:12:20.0982 0344 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
13:12:20.0997 0344 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
13:12:21.0559 0344 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:12:21.0559 0344 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:12:21.0559 0344 ================ Scan VBR ==================================
13:12:21.0559 0344 [ 22DD9776BBBCE3ACA8CE6E6ABE32B66F ] \Device\Harddisk0\DR0\Partition1
13:12:21.0559 0344 \Device\Harddisk0\DR0\Partition1 - ok
13:12:21.0590 0344 [ 2DD336662FEAF8DFCB7D6393A56BD338 ] \Device\Harddisk0\DR0\Partition2
13:12:21.0590 0344 \Device\Harddisk0\DR0\Partition2 - ok
13:12:21.0637 0344 [ 9A38CA6698648C1C930FDE0569DC7C92 ] \Device\Harddisk0\DR0\Partition3
13:12:21.0637 0344 \Device\Harddisk0\DR0\Partition3 - ok
13:12:21.0637 0344 ============================================================
13:12:21.0637 0344 Scan finished
13:12:21.0637 0344 ============================================================
13:12:21.0653 3736 Detected object count: 6
13:12:21.0653 3736 Actual detected object count: 6
13:13:02.0197 3736 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
13:13:02.0197 3736 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:13:02.0197 3736 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:13:02.0197 3736 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:13:02.0197 3736 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - skipped by user
13:13:02.0197 3736 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:13:02.0197 3736 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
13:13:02.0197 3736 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:13:03.0273 3736 \Device\Harddisk0\DR0\# - copied to quarantine
13:13:03.0273 3736 \Device\Harddisk0\DR0 - copied to quarantine
13:13:03.0367 3736 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
13:13:03.0367 3736 \Device\Harddisk0\DR0\TDLFS\cmd32.dll - copied to quarantine
13:13:03.0367 3736 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
13:13:03.0414 3736 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
13:13:03.0429 3736 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
13:13:03.0429 3736 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
13:13:03.0429 3736 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
13:13:03.0429 3736 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
13:13:03.0429 3736 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:13:03.0445 3736 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
13:13:03.0445 3736 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
13:13:03.0445 3736 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
13:13:03.0445 3736 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
13:13:03.0445 3736 \Device\Harddisk0\DR0\TDLFS\ua - copied to quarantine
13:13:03.0476 3736 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
13:13:03.0492 3736 \Device\Harddisk0\DR0 - ok
13:13:03.0913 3736 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 
13:13:03.0913 3736 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:13:03.0913 3736 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
13:13:07.0205 4216 Deinitialize success


----------



## Mark1956 (May 7, 2011)

Ok, please now run TDSSKiller again and this time select Delete for this entry:

\Device\Harddisk0\DR0 ( TDSS File System )

When done please post the log and do another scan with RogueKiller and post that log also.


----------



## bdarger (May 6, 2013)

Sorry I have not replied in a while. I was out of town. 
TDSSKiller log is below.

10:45:49.0193 3356 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:45:49.0599 3356 ============================================================
10:45:49.0599 3356 Current date / time: 2013/05/25 10:45:49.0599
10:45:49.0599 3356 SystemInfo:
10:45:49.0599 3356 
10:45:49.0599 3356 OS Version: 6.1.7601 ServicePack: 1.0
10:45:49.0599 3356 Product type: Workstation
10:45:49.0599 3356 ComputerName: BRANDON-HP
10:45:49.0599 3356 UserName: brandon
10:45:49.0599 3356 Windows directory: C:\Windows
10:45:49.0599 3356 System windows directory: C:\Windows
10:45:49.0599 3356 Running under WOW64
10:45:49.0599 3356 Processor architecture: Intel x64
10:45:49.0599 3356 Number of processors: 4
10:45:49.0599 3356 Page size: 0x1000
10:45:49.0599 3356 Boot type: Normal boot
10:45:49.0599 3356 ============================================================
10:45:50.0239 3356 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:45:50.0254 3356 ============================================================
10:45:50.0254 3356 \Device\Harddisk0\DR0:
10:45:50.0254 3356 MBR partitions:
10:45:50.0254 3356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:45:50.0254 3356 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x486BB000
10:45:50.0254 3356 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4871F000, BlocksNum 0x2105000
10:45:50.0254 3356 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
10:45:50.0254 3356 ============================================================
10:45:50.0285 3356 C: <-> \Device\Harddisk0\DR0\Partition2
10:45:50.0348 3356 D: <-> \Device\Harddisk0\DR0\Partition3
10:45:50.0348 3356 ============================================================
10:45:50.0348 3356 Initialize success
10:45:50.0348 3356 ============================================================
10:45:52.0345 9020 ============================================================
10:45:52.0345 9020 Scan started
10:45:52.0345 9020 Mode: Manual; 
10:45:52.0345 9020 ============================================================
10:45:53.0405 9020 ================ Scan system memory ========================
10:45:53.0405 9020 System memory - ok
10:45:53.0405 9020 ================ Scan services =============================
10:46:01.0362 9020 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
10:46:01.0362 9020 hpdskflt - ok
10:46:07.0149 9020 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:46:07.0165 9020 nusb3xhc - ok
10:46:07.0180 9020 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:46:07.0196 9020 nvraid - ok
10:46:07.0212 9020 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:46:07.0227 9020 nvstor - ok
10:46:07.0243 9020 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:46:07.0243 9020 nv_agp - ok
10:46:07.0461 9020 [ 19CC46ACD6B17CE92336B33A2018765D ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
10:46:07.0492 9020 OfficeSvc - ok
10:46:07.0524 9020 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:46:07.0524 9020 ohci1394 - ok
10:46:07.0602 9020 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:46:07.0602 9020 ose - ok
10:46:07.0789 9020 [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:46:07.0914 9020 osppsvc - ok
10:46:07.0960 9020 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:46:07.0976 9020 p2pimsvc - ok
10:46:07.0992 9020 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:46:08.0007 9020 p2psvc - ok
10:46:08.0038 9020 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:46:08.0038 9020 Parport - ok
10:46:08.0054 9020 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:46:08.0054 9020 partmgr - ok
10:46:08.0070 9020 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:46:08.0070 9020 PcaSvc - ok
10:46:08.0101 9020 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:46:08.0101 9020 pci - ok
10:46:08.0116 9020 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:46:08.0132 9020 pciide - ok
10:46:08.0132 9020 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:46:08.0148 9020 pcmcia - ok
10:46:08.0148 9020 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:46:08.0163 9020 pcw - ok
10:46:08.0179 9020 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:46:08.0194 9020 PEAUTH - ok
10:46:08.0319 9020 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:46:08.0319 9020 PerfHost - ok
10:46:08.0397 9020 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:46:08.0428 9020 pla - ok
10:46:08.0475 9020 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:46:08.0491 9020 PlugPlay - ok
10:46:08.0522 9020 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:46:08.0522 9020 PNRPAutoReg - ok
10:46:08.0553 9020 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:46:08.0569 9020 PNRPsvc - ok
10:46:08.0600 9020 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:46:08.0616 9020 PolicyAgent - ok
10:46:08.0662 9020 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:46:08.0662 9020 Power - ok
10:46:08.0709 9020 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:46:08.0709 9020 PptpMiniport - ok
10:46:08.0740 9020 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:46:08.0740 9020 Processor - ok
10:46:08.0772 9020 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:46:08.0787 9020 ProfSvc - ok
10:46:08.0803 9020 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:46:08.0803 9020 ProtectedStorage - ok
10:46:08.0834 9020 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:46:08.0834 9020 Psched - ok
10:46:08.0896 9020 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:46:08.0943 9020 ql2300 - ok
10:46:08.0959 9020 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:46:08.0959 9020 ql40xx - ok
10:46:09.0006 9020 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:46:09.0006 9020 QWAVE - ok
10:46:09.0021 9020 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:46:09.0021 9020 QWAVEdrv - ok
10:46:09.0037 9020 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:46:09.0037 9020 RasAcd - ok
10:46:09.0068 9020 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:46:09.0068 9020 RasAgileVpn - ok
10:46:09.0099 9020 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:46:09.0115 9020 RasAuto - ok
10:46:09.0130 9020 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:46:09.0146 9020 Rasl2tp - ok
10:46:09.0177 9020 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:46:09.0193 9020 RasMan - ok
10:46:09.0224 9020 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:46:09.0240 9020 RasPppoe - ok
10:46:09.0255 9020 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:46:09.0271 9020 RasSstp - ok
10:46:09.0302 9020 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:46:09.0302 9020 rdbss - ok
10:46:09.0333 9020 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:46:09.0333 9020 rdpbus - ok
10:46:09.0364 9020 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:46:09.0364 9020 RDPCDD - ok
10:46:09.0380 9020 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:46:09.0380 9020 RDPENCDD - ok
10:46:09.0411 9020 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:46:09.0411 9020 RDPREFMP - ok
10:46:09.0442 9020 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:46:09.0442 9020 RDPWD - ok
10:46:09.0505 9020 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:46:09.0505 9020 rdyboost - ok
10:46:09.0536 9020 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:46:09.0552 9020 RemoteAccess - ok
10:46:09.0583 9020 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:46:09.0583 9020 RemoteRegistry - ok
10:46:09.0630 9020 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:46:09.0630 9020 RFCOMM - ok
10:46:09.0708 9020 [ C1568E17039B2EC2B73A4F880DDD51E5 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
10:46:09.0723 9020 RoxioNow Service - ok
10:46:09.0754 9020 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:46:09.0754 9020 RpcEptMapper - ok
10:46:09.0786 9020 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:46:09.0801 9020 RpcLocator - ok
10:46:09.0832 9020 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:46:09.0848 9020 RpcSs - ok
10:46:09.0895 9020 [ D5C3E1629A3F7F0857D27949252B94CE ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
10:46:09.0910 9020 RSPCIESTOR - ok
10:46:09.0942 9020 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:46:09.0942 9020 rspndr - ok
10:46:09.0988 9020 [ 5D6A444BD37B52FF846387C87DCDF98A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
10:46:09.0988 9020 RTL8167 - ok
10:46:10.0004 9020 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:46:10.0004 9020 SamSs - ok
10:46:10.0051 9020 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:46:10.0051 9020 sbp2port - ok
10:46:10.0082 9020 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:46:10.0082 9020 SCardSvr - ok
10:46:10.0113 9020 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:46:10.0113 9020 scfilter - ok
10:46:10.0176 9020 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:46:10.0222 9020 Schedule - ok
10:46:10.0254 9020 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:46:10.0254 9020 SCPolicySvc - ok
10:46:10.0300 9020 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
10:46:10.0300 9020 sdbus - ok
10:46:10.0332 9020 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:46:10.0347 9020 SDRSVC - ok
10:46:10.0378 9020 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:46:10.0378 9020 secdrv - ok
10:46:10.0394 9020 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:46:10.0394 9020 seclogon - ok
10:46:10.0425 9020 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
10:46:10.0441 9020 SENS - ok
10:46:10.0456 9020 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:46:10.0472 9020 SensrSvc - ok
10:46:10.0488 9020 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:46:10.0488 9020 Serenum - ok
10:46:10.0503 9020 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:46:10.0519 9020 Serial - ok
10:46:10.0550 9020 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:46:10.0550 9020 sermouse - ok
10:46:10.0597 9020 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:46:10.0612 9020 SessionEnv - ok
10:46:10.0644 9020 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:46:10.0644 9020 sffdisk - ok
10:46:10.0659 9020 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:46:10.0659 9020 sffp_mmc - ok
10:46:10.0675 9020 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:46:10.0690 9020 sffp_sd - ok
10:46:10.0722 9020 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:46:10.0722 9020 sfloppy - ok
10:46:10.0753 9020 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:46:10.0784 9020 SharedAccess - ok
10:46:10.0831 9020 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:46:10.0846 9020 ShellHWDetection - ok
10:46:10.0878 9020 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:46:10.0893 9020 SiSRaid2 - ok
10:46:10.0893 9020 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:46:10.0893 9020 SiSRaid4 - ok
10:46:10.0987 9020 [ 3467821FD04A66C9786DF0C8C0219A73 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
10:46:10.0987 9020 SkypeUpdate - ok
10:46:11.0018 9020 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:46:11.0018 9020 Smb - ok
10:46:11.0065 9020 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:46:11.0065 9020 SNMPTRAP - ok
10:46:11.0080 9020 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:46:11.0080 9020 spldr - ok
10:46:11.0127 9020 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
10:46:11.0205 9020 Spooler - ok
10:46:11.0314 9020 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:46:11.0424 9020 sppsvc - ok
10:46:11.0470 9020 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:46:11.0470 9020 sppuinotify - ok
10:46:11.0548 9020 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
10:46:11.0580 9020 SRTSP - ok
10:46:11.0611 9020 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
10:46:11.0611 9020 SRTSPX - ok
10:46:11.0658 9020 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:46:11.0673 9020 srv - ok
10:46:11.0704 9020 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:46:11.0720 9020 srv2 - ok
10:46:11.0751 9020 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
10:46:11.0767 9020 SrvHsfHDA - ok
10:46:11.0814 9020 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:46:11.0876 9020 SrvHsfV92 - ok
10:46:11.0923 9020 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:46:11.0954 9020 SrvHsfWinac - ok
10:46:11.0970 9020 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:46:11.0985 9020 srvnet - ok
10:46:12.0032 9020 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:46:12.0032 9020 SSDPSRV - ok
10:46:12.0048 9020 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:46:12.0048 9020 SstpSvc - ok
10:46:12.0126 9020 [ 7C49A5E1943AFDA4672D80726AF3BAE4 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
10:46:12.0126 9020 STacSV - ok
10:46:12.0157 9020 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:46:12.0157 9020 stexstor - ok
10:46:12.0204 9020 [ 0AAD250A31A7EE96E0945AB9E1F3BAA7 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
10:46:12.0219 9020 STHDA - ok
10:46:12.0282 9020 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:46:12.0313 9020 stisvc - ok
10:46:12.0328 9020 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:46:12.0344 9020 swenum - ok
10:46:12.0391 9020 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:46:12.0406 9020 swprv - ok
10:46:12.0453 9020 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
10:46:12.0469 9020 SymDS - ok
10:46:12.0516 9020 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
10:46:12.0547 9020 SymEFA - ok
10:46:12.0578 9020 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
10:46:12.0594 9020 SymEvent - ok
10:46:12.0609 9020 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
10:46:12.0625 9020 SymIRON - ok
10:46:12.0656 9020 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
10:46:12.0672 9020 SymNetS - ok
10:46:12.0750 9020 [ 33E6A285DAA5134D8EA2247914C86C09 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
10:46:12.0812 9020 SynTP - ok
10:46:12.0890 9020 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:46:12.0937 9020 SysMain - ok
10:46:12.0968 9020 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:46:12.0968 9020 TabletInputService - ok
10:46:13.0015 9020 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:46:13.0030 9020 TapiSrv - ok
10:46:13.0062 9020 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:46:13.0062 9020 TBS - ok
10:46:13.0140 9020 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:46:13.0202 9020 Tcpip - ok
10:46:13.0280 9020 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:46:13.0311 9020 TCPIP6 - ok
10:46:13.0327 9020 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:46:13.0327 9020 tcpipreg - ok
10:46:13.0358 9020 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:46:13.0358 9020 TDPIPE - ok
10:46:13.0374 9020 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:46:13.0389 9020 TDTCP - ok
10:46:13.0420 9020 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:46:13.0420 9020 tdx - ok
10:46:13.0452 9020 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:46:13.0452 9020 TermDD - ok
10:46:13.0483 9020 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:46:13.0498 9020 TermService - ok
10:46:13.0514 9020 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:46:13.0514 9020 Themes - ok
10:46:13.0545 9020 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:46:13.0545 9020 THREADORDER - ok
10:46:13.0561 9020 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:46:13.0561 9020 TrkWks - ok
10:46:13.0623 9020 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:46:13.0623 9020 TrustedInstaller - ok
10:46:13.0670 9020 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:46:13.0670 9020 tssecsrv - ok
10:46:13.0732 9020 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:46:13.0732 9020 TsUsbFlt - ok
10:46:13.0779 9020 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:46:13.0779 9020 tunnel - ok
10:46:13.0810 9020 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:46:13.0810 9020 uagp35 - ok
10:46:13.0857 9020 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:46:13.0857 9020 udfs - ok
10:46:13.0935 9020 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:46:13.0935 9020 UI0Detect - ok
10:46:13.0982 9020 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:46:13.0982 9020 uliagpkx - ok
10:46:13.0998 9020 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:46:14.0013 9020 umbus - ok
10:46:14.0029 9020 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:46:14.0029 9020 UmPass - ok
10:46:14.0185 9020 [ 3A1ECEF8D49FC1A786A6CCD5A86A8878 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:46:14.0278 9020 UNS - ok
10:46:14.0310 9020 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:46:14.0325 9020 upnphost - ok
10:46:14.0372 9020 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
10:46:14.0372 9020 USBAAPL64 - ok
10:46:14.0403 9020 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:46:14.0403 9020 usbccgp - ok
10:46:14.0434 9020 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:46:14.0434 9020 usbcir - ok
10:46:14.0466 9020 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
10:46:14.0466 9020 usbehci - ok
10:46:14.0497 9020 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:46:14.0512 9020 usbhub - ok
10:46:14.0528 9020 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:46:14.0528 9020 usbohci - ok
10:46:14.0559 9020 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:46:14.0559 9020 usbprint - ok
10:46:14.0622 9020 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:46:14.0622 9020 USBSTOR - ok
10:46:14.0653 9020 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:46:14.0653 9020 usbuhci - ok
10:46:14.0700 9020 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
10:46:14.0700 9020 usbvideo - ok
10:46:14.0731 9020 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:46:14.0731 9020 UxSms - ok
10:46:14.0746 9020 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:46:14.0746 9020 VaultSvc - ok
10:46:14.0778 9020 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:46:14.0778 9020 vdrvroot - ok
10:46:14.0824 9020 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:46:14.0856 9020 vds - ok
10:46:14.0871 9020 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:46:14.0887 9020 vga - ok
10:46:14.0902 9020 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:46:14.0918 9020 VgaSave - ok
10:46:14.0934 9020 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:46:14.0949 9020 vhdmp - ok
10:46:14.0980 9020 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:46:14.0980 9020 viaide - ok
10:46:14.0996 9020 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:46:15.0012 9020 volmgr - ok
10:46:15.0043 9020 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:46:15.0058 9020 volmgrx - ok
10:46:15.0090 9020 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:46:15.0105 9020 volsnap - ok
10:46:15.0121 9020 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:46:15.0136 9020 vsmraid - ok
10:46:15.0199 9020 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:46:15.0292 9020 VSS - ok
10:46:15.0324 9020 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:46:15.0324 9020 vwifibus - ok
10:46:15.0355 9020 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:46:15.0355 9020 vwififlt - ok
10:46:15.0402 9020 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:46:15.0417 9020 W32Time - ok
10:46:15.0448 9020 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:46:15.0448 9020 WacomPen - ok
10:46:15.0511 9020 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:46:15.0511 9020 WANARP - ok
10:46:15.0526 9020 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:46:15.0526 9020 Wanarpv6 - ok
10:46:15.0604 9020 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:46:15.0651 9020 WatAdminSvc - ok
10:46:15.0714 9020 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:46:15.0792 9020 wbengine - ok
10:46:15.0823 9020 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:46:15.0838 9020 WbioSrvc - ok
10:46:15.0870 9020 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:46:15.0901 9020 wcncsvc - ok
10:46:15.0916 9020 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:46:15.0916 9020 WcsPlugInService - ok
10:46:15.0948 9020 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:46:15.0948 9020 Wd - ok
10:46:15.0994 9020 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:46:16.0026 9020 Wdf01000 - ok
10:46:16.0041 9020 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:46:16.0041 9020 WdiServiceHost - ok
10:46:16.0057 9020 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:46:16.0057 9020 WdiSystemHost - ok
10:46:16.0104 9020 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:46:16.0119 9020 WebClient - ok
10:46:16.0150 9020 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:46:16.0182 9020 Wecsvc - ok
10:46:16.0197 9020 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:46:16.0197 9020 wercplsupport - ok
10:46:16.0213 9020 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:46:16.0228 9020 WerSvc - ok
10:46:16.0275 9020 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:46:16.0275 9020 WfpLwf - ok
10:46:16.0291 9020 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:46:16.0291 9020 WIMMount - ok
10:46:16.0306 9020 WinDefend - ok
10:46:16.0322 9020 WinHttpAutoProxySvc - ok
10:46:16.0369 9020 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:46:16.0384 9020 Winmgmt - ok
10:46:16.0447 9020 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:46:16.0540 9020 WinRM - ok
10:46:16.0587 9020 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
10:46:16.0587 9020 WinUsb - ok
10:46:16.0634 9020 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:46:16.0665 9020 Wlansvc - ok
10:46:16.0681 9020 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:46:16.0696 9020 WmiAcpi - ok
10:46:16.0728 9020 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:46:16.0728 9020 wmiApSrv - ok
10:46:16.0774 9020 WMPNetworkSvc - ok
10:46:16.0806 9020 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:46:16.0821 9020 WPCSvc - ok
10:46:16.0837 9020 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:46:16.0852 9020 WPDBusEnum - ok
10:46:16.0868 9020 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:46:16.0884 9020 ws2ifsl - ok
10:46:16.0899 9020 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
10:46:16.0899 9020 wscsvc - ok
10:46:16.0930 9020 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
10:46:16.0930 9020 WSDPrintDevice - ok
10:46:16.0962 9020 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
10:46:16.0962 9020 WSDScan - ok
10:46:16.0962 9020 WSearch - ok
10:46:17.0102 9020 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:46:17.0180 9020 wuauserv - ok
10:46:17.0211 9020 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:46:17.0211 9020 WudfPf - ok
10:46:17.0227 9020 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:46:17.0242 9020 WUDFRd - ok
10:46:17.0242 9020 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:46:17.0258 9020 wudfsvc - ok
10:46:17.0289 9020 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:46:17.0289 9020 WwanSvc - ok
10:46:17.0352 9020 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
10:46:17.0352 9020 yukonw7 - ok
10:46:17.0398 9020 ================ Scan global ===============================
10:46:17.0430 9020 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:46:17.0461 9020 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
10:46:17.0476 9020 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
10:46:17.0508 9020 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:46:17.0523 9020 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:46:17.0539 9020 [Global] - ok
10:46:17.0539 9020 ================ Scan MBR ==================================
10:46:17.0554 9020 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:46:17.0866 9020 \Device\Harddisk0\DR0 - ok
10:46:17.0866 9020 ================ Scan VBR ==================================
10:46:17.0882 9020 [ 22DD9776BBBCE3ACA8CE6E6ABE32B66F ] \Device\Harddisk0\DR0\Partition1
10:46:17.0882 9020 \Device\Harddisk0\DR0\Partition1 - ok
10:46:17.0898 9020 [ 2DD336662FEAF8DFCB7D6393A56BD338 ] \Device\Harddisk0\DR0\Partition2
10:46:17.0898 9020 \Device\Harddisk0\DR0\Partition2 - ok
10:46:17.0944 9020 [ 9A38CA6698648C1C930FDE0569DC7C92 ] \Device\Harddisk0\DR0\Partition3
10:46:17.0960 9020 \Device\Harddisk0\DR0\Partition3 - ok
10:46:18.0007 9020 [ E538711485DBF7D37B15663ED2DFF791 ] \Device\Harddisk0\DR0\Partition4
10:46:18.0022 9020 \Device\Harddisk0\DR0\Partition4 - ok
10:46:18.0022 9020 ============================================================
10:46:18.0022 9020 Scan finished
10:46:18.0022 9020 ============================================================
10:46:18.0038 6288 Detected object count: 0
10:46:18.0038 6288 Actual detected object count: 0
10:46:35.0058 9100 ============================================================
10:46:35.0058 9100 Scan started
10:46:35.0058 9100 Mode: Manual; SigCheck; TDLFS; 
10:46:35.0058 9100 ============================================================
10:46:35.0276 9100 ================ Scan system memory ========================
10:46:35.0276 9100 System memory - ok
10:46:35.0276 9100 ================ Scan services =============================
10:46:45.0759 9100 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
10:46:45.0790 9100 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
10:46:45.0790 9100 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
10:46:46.0992 9100 [ 3D9B36631032FDE0FFEA0DC0260E4E35 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:46:47.0007 9100 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
10:46:47.0007 9100 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
10:46:47.0054 9100 [ 52C0312AB35EB7187015FB6A99136BB5 ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
10:46:47.0085 9100 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - warning
10:46:47.0085 9100 FLEXnet Licensing Service 64 - detected UnsignedFile.Multi.Generic (1)
10:46:49.0160 9100 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
10:46:49.0176 9100 hpdskflt - ok
10:46:52.0686 9100 [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
10:46:52.0701 9100 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
10:46:52.0701 9100 LightScribeService - detected UnsignedFile.Multi.Generic (1)
10:46:55.0072 9100 msiserver - ok
10:46:57.0646 9100 nfrd960 - ok
10:46:57.0709 9100 [ E78A365CC3E0FBFC018A33DCE01909F8 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
10:46:57.0740 9100 NIS - ok
10:46:57.0756 9100 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:46:57.0802 9100 NlaSvc - ok
10:46:57.0849 9100 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:46:57.0912 9100 Npfs - ok
10:46:57.0943 9100 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:46:58.0021 9100 nsi - ok
10:46:58.0052 9100 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:46:58.0114 9100 nsiproxy - ok
10:46:58.0161 9100 [ 08849429CE646B4D10892D239F9D6A7A ] nsverctl C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
10:46:58.0177 9100 nsverctl - ok
10:46:58.0239 9100 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:46:58.0317 9100 Ntfs - ok
10:46:58.0348 9100 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:46:58.0458 9100 Null - ok
10:46:58.0489 9100 [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
10:46:58.0520 9100 nusb3hub - ok
10:46:58.0551 9100 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:46:58.0582 9100 nusb3xhc - ok
10:46:58.0614 9100 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:46:58.0645 9100 nvraid - ok
10:46:58.0676 9100 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:46:58.0707 9100 nvstor - ok
10:46:58.0723 9100 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:46:58.0754 9100 nv_agp - ok
10:46:58.0941 9100 [ 19CC46ACD6B17CE92336B33A2018765D ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
10:46:59.0035 9100 OfficeSvc - ok
10:46:59.0082 9100 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:46:59.0113 9100 ohci1394 - ok
10:46:59.0175 9100 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:46:59.0206 9100 ose - ok
10:46:59.0362 9100 [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:46:59.0440 9100 osppsvc - ok
10:46:59.0487 9100 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:46:59.0565 9100 p2pimsvc - ok
10:46:59.0565 9100 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:46:59.0596 9100 p2psvc - ok
10:46:59.0612 9100 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:46:59.0628 9100 Parport - ok
10:46:59.0659 9100 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:46:59.0674 9100 partmgr - ok
10:46:59.0706 9100 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:46:59.0752 9100 PcaSvc - ok
10:46:59.0784 9100 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:46:59.0799 9100 pci - ok
10:46:59.0815 9100 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:46:59.0830 9100 pciide - ok
10:46:59.0862 9100 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:46:59.0877 9100 pcmcia - ok
10:46:59.0893 9100 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:46:59.0908 9100 pcw - ok
10:46:59.0940 9100 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:47:00.0002 9100 PEAUTH - ok
10:47:00.0080 9100 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:47:00.0127 9100 PerfHost - ok
10:47:00.0205 9100 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:47:00.0283 9100 pla - ok
10:47:00.0314 9100 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:47:00.0408 9100 PlugPlay - ok
10:47:00.0439 9100 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:47:00.0454 9100 PNRPAutoReg - ok
10:47:00.0486 9100 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:47:00.0532 9100 PNRPsvc - ok
10:47:00.0579 9100 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:47:00.0704 9100 PolicyAgent - ok
10:47:00.0751 9100 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:47:00.0844 9100 Power - ok
10:47:00.0876 9100 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:47:00.0969 9100 PptpMiniport - ok
10:47:01.0000 9100 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:47:01.0063 9100 Processor - ok
10:47:01.0110 9100 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:47:01.0188 9100 ProfSvc - ok
10:47:01.0203 9100 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:47:01.0234 9100 ProtectedStorage - ok
10:47:01.0250 9100 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:47:01.0359 9100 Psched - ok
10:47:01.0422 9100 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:47:01.0468 9100 ql2300 - ok
10:47:01.0468 9100 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:47:01.0484 9100 ql40xx - ok
10:47:01.0515 9100 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:47:01.0578 9100 QWAVE - ok
10:47:01.0609 9100 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:47:01.0671 9100 QWAVEdrv - ok
10:47:01.0702 9100 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:47:01.0812 9100 RasAcd - ok
10:47:01.0858 9100 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:47:01.0921 9100 RasAgileVpn - ok
10:47:01.0952 9100 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:47:02.0046 9100 RasAuto - ok
10:47:02.0077 9100 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:47:02.0155 9100 Rasl2tp - ok
10:47:02.0202 9100 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:47:02.0248 9100 RasMan - ok
10:47:02.0280 9100 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:47:02.0373 9100 RasPppoe - ok
10:47:02.0389 9100 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:47:02.0498 9100 RasSstp - ok
10:47:02.0529 9100 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:47:02.0607 9100 rdbss - ok
10:47:02.0638 9100 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:47:02.0685 9100 rdpbus - ok
10:47:02.0716 9100 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:47:02.0794 9100 RDPCDD - ok
10:47:02.0810 9100 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:47:02.0841 9100 RDPENCDD - ok
10:47:02.0872 9100 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:47:02.0904 9100 RDPREFMP - ok
10:47:02.0935 9100 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:47:03.0013 9100 RDPWD - ok
10:47:03.0060 9100 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:47:03.0075 9100 rdyboost - ok
10:47:03.0106 9100 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:47:03.0216 9100 RemoteAccess - ok
10:47:03.0262 9100 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:47:03.0356 9100 RemoteRegistry - ok
10:47:03.0403 9100 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:47:03.0450 9100 RFCOMM - ok
10:47:03.0512 9100 [ C1568E17039B2EC2B73A4F880DDD51E5 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
10:47:03.0559 9100 RoxioNow Service - ok
10:47:03.0574 9100 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:47:03.0668 9100 RpcEptMapper - ok
10:47:03.0699 9100 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:47:03.0730 9100 RpcLocator - ok
10:47:03.0777 9100 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:47:03.0840 9100 RpcSs - ok
10:47:03.0855 9100 [ D5C3E1629A3F7F0857D27949252B94CE ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
10:47:03.0871 9100 RSPCIESTOR - ok
10:47:03.0886 9100 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:47:03.0918 9100 rspndr - ok
10:47:03.0949 9100 [ 5D6A444BD37B52FF846387C87DCDF98A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
10:47:03.0949 9100 RTL8167 - ok
10:47:03.0964 9100 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:47:03.0980 9100 SamSs - ok
10:47:03.0996 9100 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:47:04.0011 9100 sbp2port - ok
10:47:04.0027 9100 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:47:04.0074 9100 SCardSvr - ok
10:47:04.0120 9100 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:47:04.0214 9100 scfilter - ok
10:47:04.0276 9100 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:47:04.0401 9100 Schedule - ok
10:47:04.0448 9100 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:47:04.0495 9100 SCPolicySvc - ok
10:47:04.0526 9100 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
10:47:04.0573 9100 sdbus - ok
10:47:04.0620 9100 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:47:04.0666 9100 SDRSVC - ok
10:47:04.0698 9100 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:47:04.0807 9100 secdrv - ok
10:47:04.0838 9100 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:47:04.0916 9100 seclogon - ok
10:47:04.0932 9100 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
10:47:04.0978 9100 SENS - ok
10:47:04.0994 9100 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:47:05.0072 9100 SensrSvc - ok
10:47:05.0088 9100 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:47:05.0134 9100 Serenum - ok
10:47:05.0150 9100 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:47:05.0181 9100 Serial - ok
10:47:05.0197 9100 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:47:05.0244 9100 sermouse - ok
10:47:05.0275 9100 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:47:05.0384 9100 SessionEnv - ok
10:47:05.0431 9100 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:47:05.0509 9100 sffdisk - ok
10:47:05.0524 9100 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:47:05.0571 9100 sffp_mmc - ok
10:47:05.0602 9100 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:47:05.0665 9100 sffp_sd - ok
10:47:05.0696 9100 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:47:05.0758 9100 sfloppy - ok
10:47:05.0790 9100 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:47:05.0899 9100 SharedAccess - ok
10:47:05.0930 9100 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:47:06.0008 9100 ShellHWDetection - ok
10:47:06.0055 9100 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:47:06.0070 9100 SiSRaid2 - ok
10:47:06.0086 9100 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:47:06.0102 9100 SiSRaid4 - ok
10:47:06.0164 9100 [ 3467821FD04A66C9786DF0C8C0219A73 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
10:47:06.0180 9100 SkypeUpdate - ok
10:47:06.0180 9100 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:47:06.0273 9100 Smb - ok
10:47:06.0320 9100 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:47:06.0367 9100 SNMPTRAP - ok
10:47:06.0382 9100 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:47:06.0398 9100 spldr - ok
10:47:06.0460 9100 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
10:47:06.0507 9100 Spooler - ok
10:47:06.0616 9100 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:47:06.0741 9100 sppsvc - ok
10:47:06.0772 9100 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:47:06.0882 9100 sppuinotify - ok
10:47:06.0975 9100 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
10:47:07.0006 9100 SRTSP - ok
10:47:07.0022 9100 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
10:47:07.0022 9100 SRTSPX - ok
10:47:07.0053 9100 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:47:07.0131 9100 srv - ok
10:47:07.0162 9100 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:47:07.0209 9100 srv2 - ok
10:47:07.0256 9100 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
10:47:07.0287 9100 SrvHsfHDA - ok
10:47:07.0334 9100 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:47:07.0412 9100 SrvHsfV92 - ok
10:47:07.0443 9100 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:47:07.0474 9100 SrvHsfWinac - ok
10:47:07.0506 9100 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:47:07.0552 9100 srvnet - ok
10:47:07.0599 9100 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:47:07.0708 9100 SSDPSRV - ok
10:47:07.0724 9100 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:47:07.0786 9100 SstpSvc - ok
10:47:07.0833 9100 [ 7C49A5E1943AFDA4672D80726AF3BAE4 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
10:47:07.0880 9100 STacSV - ok
10:47:07.0911 9100 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:47:07.0942 9100 stexstor - ok
10:47:07.0958 9100 [ 0AAD250A31A7EE96E0945AB9E1F3BAA7 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
10:47:08.0036 9100 STHDA - ok
10:47:08.0083 9100 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:47:08.0176 9100 stisvc - ok
10:47:08.0208 9100 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:47:08.0223 9100 swenum - ok
10:47:08.0270 9100 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:47:08.0395 9100 swprv - ok
10:47:08.0442 9100 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
10:47:08.0473 9100 SymDS - ok
10:47:08.0504 9100 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
10:47:08.0535 9100 SymEFA - ok
10:47:08.0566 9100 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
10:47:08.0566 9100 SymEvent - ok
10:47:08.0598 9100 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
10:47:08.0598 9100 SymIRON - ok
10:47:08.0629 9100 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
10:47:08.0644 9100 SymNetS - ok
10:47:08.0691 9100 [ 33E6A285DAA5134D8EA2247914C86C09 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
10:47:08.0738 9100 SynTP - ok
10:47:08.0816 9100 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:47:08.0894 9100 SysMain - ok
10:47:08.0925 9100 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:47:08.0941 9100 TabletInputService - ok
10:47:08.0956 9100 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:47:09.0034 9100 TapiSrv - ok
10:47:09.0050 9100 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:47:09.0097 9100 TBS - ok
10:47:09.0175 9100 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:47:09.0237 9100 Tcpip - ok
10:47:09.0284 9100 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:47:09.0315 9100 TCPIP6 - ok
10:47:09.0331 9100 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:47:09.0362 9100 tcpipreg - ok
10:47:09.0393 9100 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:47:09.0471 9100 TDPIPE - ok
10:47:09.0487 9100 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:47:09.0534 9100 TDTCP - ok
10:47:09.0580 9100 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:47:09.0658 9100 tdx - ok
10:47:09.0705 9100 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:47:09.0721 9100 TermDD - ok
10:47:09.0752 9100 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:47:09.0799 9100 TermService - ok
10:47:09.0830 9100 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:47:09.0892 9100 Themes - ok
10:47:09.0908 9100 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:47:09.0986 9100 THREADORDER - ok
10:47:09.0986 9100 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:47:10.0095 9100 TrkWks - ok
10:47:10.0158 9100 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:47:10.0251 9100 TrustedInstaller - ok
10:47:10.0298 9100 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:47:10.0392 9100 tssecsrv - ok
10:47:10.0423 9100 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:47:10.0485 9100 TsUsbFlt - ok
10:47:10.0516 9100 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:47:10.0626 9100 tunnel - ok
10:47:10.0657 9100 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:47:10.0688 9100 uagp35 - ok
10:47:10.0719 9100 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:47:10.0828 9100 udfs - ok
10:47:10.0875 9100 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:47:10.0906 9100 UI0Detect - ok
10:47:10.0938 9100 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:47:10.0953 9100 uliagpkx - ok
10:47:10.0969 9100 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:47:11.0016 9100 umbus - ok
10:47:11.0062 9100 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:47:11.0109 9100 UmPass - ok
10:47:11.0312 9100 [ 3A1ECEF8D49FC1A786A6CCD5A86A8878 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:47:11.0374 9100 UNS - ok
10:47:11.0390 9100 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:47:11.0484 9100 upnphost - ok
10:47:11.0515 9100 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
10:47:11.0577 9100 USBAAPL64 - ok
10:47:11.0608 9100 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:47:11.0655 9100 usbccgp - ok
10:47:11.0686 9100 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:47:11.0718 9100 usbcir - ok
10:47:11.0749 9100 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
10:47:11.0764 9100 usbehci - ok
10:47:11.0780 9100 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:47:11.0796 9100 usbhub - ok
10:47:11.0811 9100 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:47:11.0858 9100 usbohci - ok
10:47:11.0905 9100 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:47:11.0967 9100 usbprint - ok
10:47:12.0014 9100 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:47:12.0061 9100 USBSTOR - ok
10:47:12.0092 9100 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:47:12.0139 9100 usbuhci - ok
10:47:12.0170 9100 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
10:47:12.0201 9100 usbvideo - ok
10:47:12.0232 9100 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:47:12.0326 9100 UxSms - ok
10:47:12.0357 9100 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:47:12.0373 9100 VaultSvc - ok
10:47:12.0404 9100 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:47:12.0420 9100 vdrvroot - ok
10:47:12.0466 9100 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:47:12.0560 9100 vds - ok
10:47:12.0576 9100 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:47:12.0591 9100 vga - ok
10:47:12.0607 9100 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:47:12.0685 9100 VgaSave - ok
10:47:12.0732 9100 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:47:12.0747 9100 vhdmp - ok
10:47:12.0778 9100 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:47:12.0810 9100 viaide - ok
10:47:12.0825 9100 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:47:12.0841 9100 volmgr - ok
10:47:12.0872 9100 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:47:12.0919 9100 volmgrx - ok
10:47:12.0934 9100 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:47:12.0966 9100 volsnap - ok
10:47:12.0966 9100 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:47:12.0997 9100 vsmraid - ok
10:47:13.0059 9100 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:47:13.0184 9100 VSS - ok
10:47:13.0231 9100 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:47:13.0278 9100 vwifibus - ok
10:47:13.0309 9100 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:47:13.0356 9100 vwififlt - ok
10:47:13.0402 9100 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:47:13.0465 9100 W32Time - ok
10:47:13.0496 9100 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:47:13.0543 9100 WacomPen - ok
10:47:13.0590 9100 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:47:13.0683 9100 WANARP - ok
10:47:13.0699 9100 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:47:13.0761 9100 Wanarpv6 - ok
10:47:13.0808 9100 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:47:13.0855 9100 WatAdminSvc - ok
10:47:13.0948 9100 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:47:14.0011 9100 wbengine - ok
10:47:14.0026 9100 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:47:14.0042 9100 WbioSrvc - ok
10:47:14.0073 9100 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:47:14.0151 9100 wcncsvc - ok
10:47:14.0182 9100 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:47:14.0260 9100 WcsPlugInService - ok
10:47:14.0292 9100 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:47:14.0323 9100 Wd - ok
10:47:14.0370 9100 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:47:14.0416 9100 Wdf01000 - ok
10:47:14.0432 9100 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:47:14.0572 9100 WdiServiceHost - ok
10:47:14.0572 9100 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:47:14.0619 9100 WdiSystemHost - ok
10:47:14.0650 9100 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:47:14.0728 9100 WebClient - ok
10:47:14.0775 9100 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:47:14.0884 9100 Wecsvc - ok
10:47:14.0931 9100 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:47:15.0040 9100 wercplsupport - ok
10:47:15.0056 9100 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:47:15.0118 9100 WerSvc - ok
10:47:15.0134 9100 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:47:15.0165 9100 WfpLwf - ok
10:47:15.0181 9100 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:47:15.0181 9100 WIMMount - ok
10:47:15.0212 9100 WinDefend - ok
10:47:15.0212 9100 WinHttpAutoProxySvc - ok
10:47:15.0259 9100 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:47:15.0368 9100 Winmgmt - ok
10:47:15.0446 9100 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:47:15.0571 9100 WinRM - ok
10:47:15.0618 9100 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
10:47:15.0649 9100 WinUsb - ok
10:47:15.0696 9100 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:47:15.0774 9100 Wlansvc - ok
10:47:15.0805 9100 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:47:15.0852 9100 WmiAcpi - ok
10:47:15.0898 9100 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:47:15.0961 9100 wmiApSrv - ok
10:47:15.0992 9100 WMPNetworkSvc - ok
10:47:16.0023 9100 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:47:16.0070 9100 WPCSvc - ok
10:47:16.0086 9100 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:47:16.0132 9100 WPDBusEnum - ok
10:47:16.0148 9100 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:47:16.0242 9100 ws2ifsl - ok
10:47:16.0288 9100 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
10:47:16.0351 9100 wscsvc - ok
10:47:16.0382 9100 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
10:47:16.0429 9100 WSDPrintDevice - ok
10:47:16.0460 9100 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
10:47:16.0491 9100 WSDScan - ok
10:47:16.0507 9100 WSearch - ok
10:47:16.0600 9100 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:47:16.0663 9100 wuauserv - ok
10:47:16.0694 9100 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:47:16.0756 9100 WudfPf - ok
10:47:16.0772 9100 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:47:16.0819 9100 WUDFRd - ok
10:47:16.0850 9100 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:47:16.0912 9100 wudfsvc - ok
10:47:16.0959 9100 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:47:17.0022 9100 WwanSvc - ok
10:47:17.0084 9100 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
10:47:17.0131 9100 yukonw7 - ok
10:47:17.0162 9100 ================ Scan global ===============================
10:47:17.0193 9100 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:47:17.0224 9100 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
10:47:17.0240 9100 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
10:47:17.0271 9100 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:47:17.0302 9100 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:47:17.0302 9100 [Global] - ok
10:47:17.0302 9100 ================ Scan MBR ==================================
10:47:17.0318 9100 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:47:17.0677 9100 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:47:17.0677 9100 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:47:17.0677 9100 ================ Scan VBR ==================================
10:47:17.0692 9100 [ 22DD9776BBBCE3ACA8CE6E6ABE32B66F ] \Device\Harddisk0\DR0\Partition1
10:47:17.0692 9100 \Device\Harddisk0\DR0\Partition1 - ok
10:47:17.0739 9100 [ 2DD336662FEAF8DFCB7D6393A56BD338 ] \Device\Harddisk0\DR0\Partition2
10:47:17.0739 9100 \Device\Harddisk0\DR0\Partition2 - ok
10:47:17.0786 9100 [ 9A38CA6698648C1C930FDE0569DC7C92 ] \Device\Harddisk0\DR0\Partition3
10:47:17.0802 9100 \Device\Harddisk0\DR0\Partition3 - ok
10:47:17.0880 9100 [ E538711485DBF7D37B15663ED2DFF791 ] \Device\Harddisk0\DR0\Partition4
10:47:17.0880 9100 \Device\Harddisk0\DR0\Partition4 - ok
10:47:17.0880 9100 ============================================================
10:47:17.0880 9100 Scan finished
10:47:17.0880 9100 ============================================================
10:47:17.0895 8784 Detected object count: 5
10:47:17.0895 8784 Actual detected object count: 5
10:47:32.0793 8784 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
10:47:32.0793 8784 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:47:32.0793 8784 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:47:32.0793 8784 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:47:32.0793 8784 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - skipped by user
10:47:32.0793 8784 FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:47:32.0809 8784 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
10:47:32.0809 8784 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:47:32.0840 8784 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
10:47:32.0840 8784 \Device\Harddisk0\DR0\TDLFS\cmd32.dll - copied to quarantine
10:47:32.0840 8784 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
10:47:32.0871 8784 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:47:32.0887 8784 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:47:32.0887 8784 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
10:47:32.0902 8784 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
10:47:32.0902 8784 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
10:47:32.0902 8784 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:47:32.0902 8784 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:47:32.0902 8784 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
10:47:32.0918 8784 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
10:47:32.0918 8784 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
10:47:32.0918 8784 \Device\Harddisk0\DR0\TDLFS\ua - copied to quarantine
10:47:32.0918 8784 \Device\Harddisk0\DR0\TDLFS - deleted
10:47:32.0918 8784 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

I will run RogueKiller


----------



## bdarger (May 6, 2013)

RogueKiller log is below...
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : brandon [Admin rights]
Mode : Scan -- Date : 05/25/2013 10:52:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : dshic ("C:\Windows\System32\rundll32.exe" "C:\Users\brandon\AppData\Roaming\dshic.dll",Method_Type) [7] -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : scogf ("C:\Windows\System32\rundll32.exe" "C:\Users\brandon\AppData\Roaming\scogf.dll",destroy_info_struct) [7] -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9640320AS +++++
--- User ---
[MBR] 597da898a491cb466223cfd2bd97ac05
[BSP] cb3e273f3efe7253fd0d9aafe1a5a1da : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 593270 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1215426560 | Size: 16906 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_S_05252013_02d1052.txt >>
RKreport[1]_S_05092013_02d1139.txt ; RKreport[2]_S_05252013_02d1052.txt


----------



## Mark1956 (May 7, 2011)

Welcome back. Please now run RogueKiller again following these instructions below and run Rkill again and post that log also.

Please also tell me how well the system is running now.


Quit all running programs. 
Start RogueKiller.exe by double clicking on the icon. 
Wait until Prescan has finished. 
Ensure all boxes are ticked under "Report" tab. 
Click on Scan. 
Click on Delete when complete.
Click on Report when the Deletion completes. Copy/paste the contents of the report into your next reply.


----------



## bdarger (May 6, 2013)

RogueKiller below. It seems to be running normally.

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : brandon [Admin rights]
Mode : Remove -- Date : 05/26/2013 13:51:38
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : dshic ("C:\Windows\System32\rundll32.exe" "C:\Users\brandon\AppData\Roaming\dshic.dll",Method_Type) [7] -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : scogf ("C:\Windows\System32\rundll32.exe" "C:\Users\brandon\AppData\Roaming\scogf.dll",destroy_info_struct) [7] -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9640320AS +++++
--- User ---
[MBR] 597da898a491cb466223cfd2bd97ac05
[BSP] cb3e273f3efe7253fd0d9aafe1a5a1da : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 593270 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1215426560 | Size: 16906 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_D_05262013_02d1351.txt >>
RKreport[1]_S_05092013_02d1139.txt ; RKreport[2]_S_05252013_02d1052.txt ; RKreport[3]_S_05262013_02d1349.txt ; RKreport[4]_D_05262013_02d1351.txt


----------



## bdarger (May 6, 2013)

Rkill log below

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/26/2013 01:53:31 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Disabled

* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled

* Windows Update (wuauserv) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 05/26/2013 01:53:45 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)


----------



## Mark1956 (May 7, 2011)

RKill still shows a couple of important services that are disabled.

Please run this tool to reset anything that may have been changed by the infection. After a reboot, follow that with another scan with RKill and post the log.

Download this and save it to the desktop: Windows Repair

NOTE: DO NOT use the green buttons at the top of the page, as this is dubious software that could infect your system with Adware.

Close your browser and any running programs, double click on the Tweaking icon to run the tool. When the program opens click on the *Step 4* tab. Under System Restore click on *Create* and wait for the confirmation to appear just below the button.

When complete click on the tab *Start Repairs*, click on the *Start* button. Then click on *Unselect All* and tick the boxes next to the following items only.

When done click on the *Start* button and leave it undisturbed until complete.


Reset Registry Permissions
Reset File Permissions
Register System Files
Remove Policies Set By Infections
Remove Temp Files
Unhide Non System Files
Repair Windows Updates
Set Windows Services To Default Startup
Repair MSI (Windows Installer)
Repair File Associations
Restore Important Windows Services

==================================================================================

Please also run this scan which should pick up any remnants of the Rootkit infection.

*STEP 1*
*NOTE:* If you have already used Combofix please delete the icon from your desktop.


Please download DeFogger and save it to your desktop.
Once downloaded, double-click on the *DeFogger* icon to start the tool.
The application window will appear.
You should now click on the *Disable* button to disable your CD Emulation drivers.
When it prompts you whether or not you want to continue, please click on the *Yes* button to continue.
When the program has completed you will see a *Finished!* message. Click on the *OK* button to exit the program.
If CD Emulation programs are present and have been disabled, *DeFogger* will now ask you to reboot the machine. Please allow it to do so by clicking on the *OK* button.

*STEP 2*
Please download *ComboFix* from one of the locations below and *save it to your Desktop. <-Important!!!*


Download Mirror #1
Download Mirror #2

Be sure to print out and follow these instructions: *A guide and tutorial on using ComboFix*

*Vista*/*Windows 7* users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. *XP* users need to install the Recovery Console first, just follow the prompts when you run it.


Temporarily *disable* your *anti-virus*, script blocking and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_. Click this link to see a list of such programs and how to disable them.
If ComboFix detects an older version of itself, you will be asked to update the program.
ComboFix will begin by showing a Disclaimer. Read it and click *I Agree* if you want to continue.
Follow the prompts and click on *Yes* to continue scanning for malware.
If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the *Continue* button.
When finished, please copy and paste the contents of C:\*ComboFix.txt* (_which will open after reboot_) in your next reply.
Be sure to *re-enable* your anti-virus and other security programs.

_-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security._

If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "_How to Guide_" you printed out earlier. Those instructions only apply to XP; for Vista and Windows 7 go here: Internet connection repair

*NOTE:* if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.



> *Do NOT use ComboFix* unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, *NOT for general public or personal use*. *Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again.* This site, sUBs and myself *will not* be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read *ComboFix's Disclaimer*.


----------



## bdarger (May 6, 2013)

Rkill...

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/27/2013 07:25:37 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 05/27/2013 07:25:51 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)


----------
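The two Rkill logs posted above (05/26 and 05/27) can be compared mechanically to see what the repair changed and what is still open. This is an added example, not part of any post in the thread: the function names are hypothetical, the sample text is excerpted from those two logs, and it assumes that a registry value missing from the later log is no longer flagged by Rkill.

```python
import re

# Excerpts of the two Rkill logs posted in this thread, trimmed to the
# sections that report security settings.
RKILL_0526 = r"""
Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Disabled

* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled

* Windows Update (wuauserv) is not Running.
Startup Type set to: Disabled
"""

RKILL_0527 = r"""
Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)
"""

# "* <display name> (<service>) is not Running." followed by its startup type.
SERVICE_RE = re.compile(
    r"^\* .+? \((\w+)\) is not Running\.\s*\nStartup Type set to: (.+?)\s*$", re.M)
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)" = dword:([0-9a-fA-F]{8})$')


def parse_rkill(text):
    """Extract {service: startup type} and {(key, value name): dword}."""
    services = {m.group(1): m.group(2) for m in SERVICE_RE.finditer(text)}
    registry, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            registry[(key, m.group(1))] = int(m.group(2), 16)
        elif line:
            key = None  # any other non-blank line ends the key's value list
    return {"services": services, "registry": registry}


def compare_runs(before, after):
    """Return (changed startup types, cleared registry flags, open items)."""
    b, a = parse_rkill(before), parse_rkill(after)
    changed = {svc: (b["services"].get(svc), start)
               for svc, start in a["services"].items()
               if b["services"].get(svc) != start}
    # Assumption: a value absent from the later log is no longer flagged.
    cleared = sorted(name for (key, name) in b["registry"]
                     if (key, name) not in a["registry"])
    # Everything the later log still reports needs follow-up.
    open_items = [f"{svc}: not running (startup {start})"
                  for svc, start in a["services"].items()]
    open_items += [f"{name} = {val} still set"
                   for (_, name), val in a["registry"].items()]
    return changed, cleared, open_items


if __name__ == "__main__":
    changed, cleared, open_items = compare_runs(RKILL_0526, RKILL_0527)
    for svc, (old, new) in changed.items():
        print(f"{svc}: startup {old} -> {new}")
    print("cleared:", ", ".join(cleared))
    for item in open_items:
        print("open:", item)
```

On these two logs the startup types are restored and the firewall flag is gone, but all three services are still reported as not running and `DisableAntiSpyware` is still set.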



## bdarger (May 6, 2013)

ComboFix...
ComboFix 13-05-27.02 - brandon 05/27/2013 19:09:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3773 [GMT -5:00]
Running from: c:\users\brandon\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\STHQ2Go7.exe.b
c:\programdata\STHQ2Go7.exe_.b
c:\users\brandon\AppData\Local\DownloadTerms\teMP.dat
c:\users\brandon\AppData\Local\Temp\VPNABB9.tmp
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-28 )))))))))))))))))))))))))))))))
.
.
2013-05-28 00:13 . 2013-05-28 00:13 -------- d-----w- c:\users\sexy kate\AppData\Local\temp
2013-05-28 00:13 . 2013-05-28 00:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-27 23:23 . 2013-05-27 23:29 -------- d-----w- c:\windows\system32\catroot2
2013-05-27 20:55 . 2013-05-27 21:12 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-05-27 20:50 . 2013-05-27 20:50 -------- d-----w- c:\program files (x86)\Tweaking.com
2013-05-26 20:05 . 2013-05-26 20:05 -------- d-----w- c:\program files\Uninstaller
2013-05-26 19:53 . 2013-05-26 23:17 -------- d-----w- c:\users\brandon\AppData\Roaming\player
2013-05-26 19:50 . 2013-05-26 19:50 -------- d-----w- c:\program files (x86)\Conduit
2013-05-26 19:50 . 2013-05-26 19:50 -------- d-----w- c:\users\brandon\AppData\Local\Conduit
2013-05-26 19:50 . 2013-05-26 19:50 -------- d-----w- c:\program files (x86)\Vafmusic2
2013-05-26 19:49 . 2013-05-26 19:49 -------- d-----w- c:\program files (x86)\SearchProtect
2013-05-26 19:49 . 2013-05-26 19:49 -------- d-----w- c:\users\brandon\AppData\Local\Programs
2013-05-26 19:49 . 2013-05-26 19:49 -------- d-----w- c:\program files (x86)\SingAlong
2013-05-26 19:49 . 2013-05-28 00:13 -------- d-----w- c:\users\brandon\AppData\Local\DownloadTerms
2013-05-26 19:49 . 2013-05-26 19:55 -------- d-----w- c:\users\brandon\AppData\Roaming\SearchProtect
2013-05-23 00:49 . 2013-05-23 00:49 -------- d-----w- c:\users\brandon\AppData\Roaming\ICAClient
2013-05-21 00:14 . 2013-05-21 00:14 -------- d-----w- c:\program files (x86)\Common Files\Citrix
2013-05-09 19:11 . 2013-05-09 19:11 -------- d-----w- c:\users\brandon\AppData\Roaming\Tific
2013-05-09 18:13 . 2013-05-25 15:47 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-07 21:13 . 2013-05-07 21:13 -------- d-----w- c:\users\sexy kate\AppData\Local\Google
2013-05-07 19:58 . 2013-05-07 21:07 -------- d-----w- C:\MATS
2013-05-05 19:13 . 2013-05-05 19:13 -------- d-----w- c:\users\brandon\AppData\Roaming\Roxio Log Files
2013-05-02 03:06 . 2013-05-02 03:06 -------- d-----w- c:\users\brandon\AppData\Local\Symantec
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-25 15:53 . 2012-04-01 17:03 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-25 15:53 . 2012-02-08 17:03 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-21 00:02 . 2013-02-23 20:27 563920 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-05-08 06:10 . 2011-02-20 05:03 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-04-04 19:50 . 2012-04-27 22:30 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7f3f960e-a836-45ca-8911-0accb522246e}"= "c:\program files (x86)\Vafmusic2\prxtbVafm.dll" [2013-05-16 231712]
.
[HKEY_CLASSES_ROOT\clsid\{7f3f960e-a836-45ca-8911-0accb522246e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7f3f960e-a836-45ca-8911-0accb522246e}]
2013-05-16 12:13 231712 ----a-w- c:\program files (x86)\Vafmusic2\prxtbVafm.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7f3f960e-a836-45ca-8911-0accb522246e}"= "c:\program files (x86)\Vafmusic2\prxtbVafm.dll" [2013-05-16 231712]
.
[HKEY_CLASSES_ROOT\clsid\{7f3f960e-a836-45ca-8911-0accb522246e}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-23 20:42 220632 ----a-w- c:\users\brandon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-23 20:42 220632 ----a-w- c:\users\brandon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-23 20:42 220632 ----a-w- c:\users\brandon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
"SearchProtect"="c:\users\brandon\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-07-27 380088]
"SearchProtectAll"="c:\program files (x86)\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Citrix Access Gateway.lnk - c:\program files\Citrix\Secure Access Client\nsload.exe [2010-1-19 1483928]
Logitech Desktop Messenger.lnk - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2012-2-23 66864]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-12-01 52736]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-08 1255736]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-04-25 93272]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120406.002\IDSvia64.sys [2012-02-08 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-12-01 679176]
S2 cag;Citrix cag plugin for Access Gateway;c:\program files\Common Files\Deterministic Networks\Common Files\cag.sys [2009-10-22 93720]
S2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-05-08 97056]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-07 249672]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-04 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe [2010-01-19 154264]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-04-20 1872568]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-12-01 4150864]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-12-01 1188616]
S3 BTMNET;Motorola Bluetooth Network Adapter Service;c:\windows\system32\DRIVERS\btmnet.sys [2010-12-01 30208]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-12-01 484224]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-11 31088]
S3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\DRIVERS\ctxva51.sys [2010-01-19 45720]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-07 1028096]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-05 1041760]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-12 333928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-19 406632]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 22:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 15:53]
.
2013-05-21 c:\windows\Tasks\HPCeeScheduleForBRANDON-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-05-28 c:\windows\Tasks\HPCeeScheduleForbrandon.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-05-27 c:\windows\Tasks\HPCeeScheduleForsexy kate.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-05-27 c:\windows\Tasks\Sing Along Update.job
- c:\program files (x86)\SingAlong\SingalngUpdater.exe [2013-05-10 08:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-23 20:42 244696 ----a-w- c:\users\brandon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-23 20:42 244696 ----a-w- c:\users\brandon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-23 20:42 244696 ----a-w- c:\users\brandon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-21 00:03 2328760 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-21 00:03 2328760 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-21 00:03 2328760 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-02 524800]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-12-01 21705296]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-16 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-16 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-16 416024]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3294791&octid=CT3294791&SearchSource=61&CUI=UN27967944641767224&UM=2&UP=SP34874E83-B81F-4881-B6DB-67890FB0855D
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\4ifshhpy.default\
FF - prefs.js: browser.search.selectedEngine - Vafmusic2 Customized Web Search
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3294791&SearchSource=2&CUI=UN31223290161326512&UM=2&q=
FF - ExtSQL: 2013-04-27 09:26; {bac3eb53-a317-11e2-8274-b8ac6f996f26}; c:\users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\4ifshhpy.default\extensions\{bac3eb53-a317-11e2-8274-b8ac6f996f26}.xpi
FF - ExtSQL: 2013-05-09 09:21; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF - ExtSQL: 2013-05-25 23:00; [email protected]; c:\users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\4ifshhpy.default\extensions\[email protected]
FF - ExtSQL: 2013-05-26 14:49; [email protected]; c:\program files (x86)\SingAlong\FF
FF - user.js: extensions.autoDisableScopes - 0 
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
BHO-{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\users\brandon\AppData\Local\DownloadTerms\temp.dat
Wow6432Node-HKLM-Run-CitrixReceiver - c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk
SafeBoot-92105180.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\InstallShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-05-27 19:16:16
ComboFix-quarantined-files.txt 2013-05-28 00:16
.
Pre-Run: 545,939,783,680 bytes free
Post-Run: 545,826,414,592 bytes free
.
- - End Of File - - E60B1A6A8566E0C9194BD81496205295


----------



## Mark1956 (May 7, 2011)

The RKill log is still showing the Security Center and Windows Update are not running and the Combofix log still shows some Adware.

Please reboot the system and run both ADWCleaner and RKill again and post both the logs.


----------



## bdarger (May 6, 2013)

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/28/2013 10:52:15 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 05/28/2013 10:52:20 PM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)


----------



## bdarger (May 6, 2013)

# AdwCleaner v2.301 - Logfile created 05/28/2013 at 22:45:54
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : brandon - BRANDON-HP
# Boot Mode : Normal
# Running from : C:\Users\brandon\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : CltMngSvc

***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\SingAlong
Folder Deleted : C:\Program Files (x86)\Vafmusic2
Folder Deleted : C:\Users\brandon\AppData\Local\Conduit
Folder Deleted : C:\Users\brandon\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\brandon\AppData\LocalLow\Vafmusic2
Folder Deleted : C:\Users\brandon\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\sexy kate\AppData\Roaming\SearchProtect

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vafmusic2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F3F960E-A836-45CA-8911-0ACCB522246E}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3294791
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AACF7D0F-FF0C-4849-A7CE-33374F35BFD8}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Vafmusic2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6492E171-2427-4932-B414-33574A089F5E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F3F960E-A836-45CA-8911-0ACCB522246E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AACF7D0F-FF0C-4849-A7CE-33374F35BFD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2601AA52-9395-4B77-816A-A84D8892B015}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2FAFA02-7F09-4FE0-A3D3-2436B26B13D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6492E171-2427-4932-B414-33574A089F5E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F3F960E-A836-45CA-8911-0ACCB522246E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vafmusic2 Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7F3F960E-A836-45CA-8911-0ACCB522246E}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7F3F960E-A836-45CA-8911-0ACCB522246E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7F3F960E-A836-45CA-8911-0ACCB522246E}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3294791&octid=CT3294791&SearchSource=61&CUI=UN27967944641767224&UM=2&UP=SP34874E83-B81F-4881-B6DB-67890FB0855D --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\4ifshhpy.default\prefs.js

C:\Users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\4ifshhpy.default\user.js ... Deleted !

Deleted : user_pref("CT3294791_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3294791&octid=CT329479[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Vafmusic2 Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3294791[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3294791");
Deleted : user_pref("browser.search.selectedEngine", "Vafmusic2 Customized Web Search");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3294791&SearchSource=2&CU[...]

File : C:\Users\sexy kate\AppData\Roaming\Mozilla\Firefox\Profiles\qk70dgxy.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5095 octets] - [28/05/2013 22:45:01]
AdwCleaner[R2].txt - [5155 octets] - [28/05/2013 22:45:47]
AdwCleaner[S1].txt - [17813 octets] - [09/05/2013 10:41:19]
AdwCleaner[S2].txt - [1003 octets] - [09/05/2013 12:48:54]
AdwCleaner[S3].txt - [1063 octets] - [09/05/2013 12:55:45]
AdwCleaner[S4].txt - [1124 octets] - [09/05/2013 13:00:12]
AdwCleaner[S5].txt - [1166 octets] - [09/05/2013 20:03:42]
AdwCleaner[S6].txt - [5327 octets] - [28/05/2013 22:45:54]

########## EOF - C:\AdwCleaner[S6].txt - [5387 octets] ##########


----------



## Mark1956 (May 7, 2011)

There is still Adware present; sometimes ADWCleaner has to be run many times to kill it all off, but before we use it again I'd like you to update RKill. A new version has been released, so please delete the RKill program and then download a fresh copy, run it again and post the log.

Please also run this scan:

Please download Farbar Recovery Scan Tool and save it to your desktop.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


Double-click to run it. When the tool opens click *Yes* to disclaimer.
Press *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (*Addition.txt*). Please attach it to your reply.


----------
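Whether another AdwCleaner pass is needed can be read off the logs themselves. The sketch below is an added example, not part of the thread or of AdwCleaner: it parses two logs in the v2 layout posted in this thread and reports targets that were removed in both runs, which points to a failed delete or to something recreating the item. The sample logs, paths and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Section banner, e.g. "***** [Registry] *****"
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>.+?)\] \*{5}$")
# Action lines, e.g. "Folder Deleted : C:\path", "Stopped & Deleted : svc",
# "Replaced : [key - value] = old --> new", "Deleted : user_pref(...)"
ACTION_RE = re.compile(
    r"^(?P<action>(?:[A-Za-z&]+ )*(?:Deleted|Replaced)) : (?P<target>.+)$"
)


def parse_adwcleaner(text):
    """Return {section: [(action, target), ...]} for one v2-style log."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current]  # register the section even if it stays empty
            continue
        if current is None or not line or line.startswith("#"):
            continue
        m = ACTION_RE.match(line)
        if m:
            sections[current].append((m.group("action"), m.group("target")))
    return dict(sections)


def normalise(target):
    """Windows paths and registry keys are case-insensitive; compare lowered."""
    return target.strip().rstrip("\\").lower()


def removed_targets(parsed):
    return {normalise(t) for actions in parsed.values() for _, t in actions}


def compare_runs(earlier, later):
    """Compare two parsed logs from consecutive cleaning runs."""
    a, b = removed_targets(earlier), removed_targets(later)
    return {
        # Removed before and removed again: the delete failed or the item
        # was recreated between runs, so look for what writes it.
        "recurring": sorted(a & b),
        "new": sorted(b - a),
        "later_run_clean": not b,
    }


# Constructed sample logs in the same layout (not taken from a real machine).
RUN1 = r"""
# AdwCleaner v2.301 - Logfile created 01/01/2013 at 10:00:00
# Option [Delete]

***** [Services] *****

Stopped & Deleted : ExampleSvc

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\ExampleToolbar
Folder Deleted : C:\Users\bob\AppData\Roaming\ExampleProtect

***** [Registry] *****

Key Deleted : HKLM\Software\ExampleToolbar
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [exampleprotect]

***** [Internet Browsers] *****

File : C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\prefs.js

Deleted : user_pref("browser.search.selectedEngine", "Example Web Search");

*************************
"""

RUN2 = r"""
# AdwCleaner v2.301 - Logfile created 02/01/2013 at 10:00:00

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\bob\AppData\Roaming\ExampleProtect

***** [Registry] *****

***** [Internet Browsers] *****

[OK] Registry is clean.
"""

if __name__ == "__main__":
    result = compare_runs(parse_adwcleaner(RUN1), parse_adwcleaner(RUN2))
    for key, value in result.items():
        print(f"{key}: {value}")
```

A non-empty `recurring` list is the signal to find the process, service or scheduled task that recreates the item before running the cleaner again.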



## bdarger (May 6, 2013)

Rkill

Rkill 2.5.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/29/2013 08:24:20 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 05/29/2013 08:25:02 PM
Execution time: 0 hours(s), 0 minute(s), and 42 seconds(s)


----------



## bdarger (May 6, 2013)

ADWCleaner

# AdwCleaner v2.301 - Logfile created 05/29/2013 at 20:18:05
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : brandon - BRANDON-HP
# Boot Mode : Normal
# Running from : C:\Users\brandon\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\sexy kate\AppData\Roaming\SearchProtect

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\4ifshhpy.default\prefs.js

[OK] File is clean.

File : C:\Users\sexy kate\AppData\Roaming\Mozilla\Firefox\Profiles\qk70dgxy.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5095 octets] - [28/05/2013 22:45:01]
AdwCleaner[R2].txt - [5155 octets] - [28/05/2013 22:45:47]
AdwCleaner[R3].txt - [1469 octets] - [29/05/2013 20:17:35]
AdwCleaner[S1].txt - [17813 octets] - [09/05/2013 10:41:19]
AdwCleaner[S2].txt - [1003 octets] - [09/05/2013 12:48:54]
AdwCleaner[S3].txt - [1063 octets] - [09/05/2013 12:55:45]
AdwCleaner[S4].txt - [1124 octets] - [09/05/2013 13:00:12]
AdwCleaner[S5].txt - [1166 octets] - [09/05/2013 20:03:42]
AdwCleaner[S6].txt - [5456 octets] - [28/05/2013 22:45:54]
AdwCleaner[S7].txt - [1403 octets] - [29/05/2013 20:18:05]

########## EOF - C:\AdwCleaner[S7].txt - [1463 octets] ##########


----------



## bdarger (May 6, 2013)

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-05-2013
Ran by brandon at 2013-05-29 20:27:53 Run:
Running from C:\Users\brandon\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

ActiveCheck component for HP Active Support Library (Version: 3.0.0.3)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
AVS Update Manager 1.0
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
CCleaner (Version: 3.25)
Chuzzle Deluxe (Version: 2.2.0.95)
Citrix Access Gateway Plug-in (Version: 9.1.101.5)
Citrix Authentication Manager (Version: 3.0.0.47031)
Citrix Receiver (HDX Flash Redirection) (Version: 13.3.0.55)
Citrix Receiver (Version: 13.3.0.55)
Citrix Receiver Inside (Version: 3.3.0.17208)
Citrix Receiver Updater (Version: 3.3.0.17207)
Citrix Receiver(Aero) (Version: 13.3.0.55)
Citrix Receiver(DV) (Version: 13.3.0.55)
Citrix Receiver(USB) (Version: 13.3.0.55)
Citrix XenApp Web Plugin (Version: 11.0.150.5357)
CyberLink DVD Suite (Version: 7.0.3525)
CyberLink YouCam (Version: 3.2.1.3609)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
DMUninstaller
Dora's World Adventure (Version: 2.2.0.95)
DownloadTerms (Version: 1.0)
Energy Star Digital Logo (Version: 1.0.1)
EPSON Artisan 830 Series Printer Uninstall
Epson Connect
Epson Customer Participation (Version: 1.0.0.0)
Epson Download Navigator (Version: 1.0.1)
Epson Easy Photo Print 2 (Version: 2.3.2.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson Event Manager (Version: 2.40.0001)
Epson FAX Utility (Version: 1.20.00)
Epson PC-FAX Driver
EPSON Scan
EPSON WF-7520 Series Printer Uninstall
EpsonNet Print (Version: 2.4j)
EpsonNet Setup 3.3 (Version: 3.3b)
Escape Rosecliff Island (Version: 2.2.0.95)
ESU for Microsoft Windows 7 (Version: 1.0.0)
Farm Frenzy (Version: 2.2.0.95)
FATE (Version: 2.2.0.95)
ffdshow v1.2.4486 [2012-08-25] (Version: 1.2.4486.0)
Final Drive Nitro (Version: 2.2.0.95)
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
HP 3D DriveGuard (Version: 4.1.1.6)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP CloudDrive
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.0.0)
HP Game Console
HP Games (Version: 1.0.1.5)
HP MovieStore (Version: 1.0.036)
HP MovieStore (Version: 2.0)
HP On Screen Display (Version: 1.0.7)
HP Power Manager (Version: 1.1.2)
HP Quick Launch (Version: 2.3.6)
HP Setup (Version: 8.4.4487.3576)
HP Setup Manager (Version: 1.0.12845.3522)
HP SimplePass 2011 (Version: 5.0.1.448)
HP Software Framework (Version: 4.0.80.1)
HP Support Assistant (Version: 5.1.11.1)
HP Wireless Assistant (Version: 4.0.10.0)
HPAsset component for HP Active Support Library (Version: 3.0.1.0)
IDT Audio (Version: 1.0.6315.0)
Intel(R) Control Center (Version: 1.2.1.1007)
Intel(R) Management Engine Components (Version: 7.0.0.1144)
Intel(R) Processor Graphics (Version: 8.15.10.2266)
Intel(R) Rapid Storage Technology (Version: 10.0.0.1046)
iTunes (Version: 10.7.0.21)
Java 7 Update 10 (Version: 7.0.100)
Java Auto Updater (Version: 2.1.9.0)
Java(TM) 6 Update 22 (64-bit) (Version: 6.0.220)
Java(TM) 6 Update 31 (Version: 6.0.310)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
LabelPrint (Version: 2.5.3429)
LightScribe System Software (Version: 1.18.20.1)
Logitech Desktop Messenger (Version: 2.54.11)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 365 Home Premium - en-us (Version: 15.0.4505.1006)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SkyDrive (Version: 16.4.6013.0910)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery P.I. - The London Caper (Version: 2.2.0.95)
Norton Internet Security (Version: 18.7.2.3)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4505.1006)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4505.1006)
Office 15 Click-to-Run Localization Component (Version: 15.0.4505.1006)
Online Plug-in (Version: 13.3.0.55)
ooVoo (Version: 3.0.7040)
Penguins! (Version: 2.2.0.95)
PictureMover (Version: 3.5.0.35)
Plants vs. Zombies (Version: 2.2.0.95)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4725)
Ralink Motorola BC8 Bluetooth 3.0+HS Adapter (Version: 3.0.42.285)
Ralink RT5390 802.11b/g/n WiFi Adapter (Version: 3.1.13.1)
Realtek Ethernet Controller Driver (Version: 7.30.1019.2010)
Realtek PCIE Card Reader (Version: 6.1.7600.69)
Recovery Manager (Version: 1.0.22)
Remote Control USB Driver (Version: 2.3.2.317)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.30.0)
RoxioNow Player (Version: 1.9.5.101)
Self-service Plug-in (Version: 3.3.0.27839)
Sing Along
Synaptics Pointing Device Driver (Version: 15.2.4.4)
TurboTax 2011
TurboTax 2011 wiliper (Version: 011.000.1456)
TurboTax 2011 WinPerFedFormset (Version: 011.000.2596)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0424)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0209)
TurboTax 2011 wrapper (Version: 011.000.0120)
TurboTax 2012 (Version: 2012.0)
TurboTax 2012 wiliper (Version: 012.000.1308)
TurboTax 2012 WinPerFedFormset (Version: 012.000.1881)
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0419)
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0178)
TurboTax 2012 wrapper (Version: 012.000.0127)
Tweaking.com - Windows Repair (All in One) (Version: 1.9.14)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Validity WBF DDK (Version: 4.3.110.0)
Virtual Families (Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Wheel of Fortune 2 (Version: 2.2.0.95)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
WinZip 16.0 (Version: 16.0.9715)
XP Codec Pack
Zuma Deluxe (Version: 2.2.0.95)

==================== Restore Points =========================

09-05-2013 19:48:50 Scheduled Checkpoint
26-05-2013 19:51:25 Removed Skype™ 6.3
26-05-2013 23:16:55 Quitado VAFPlayer
26-05-2013 23:53:35 Removed Skype™ 6.3
27-05-2013 20:51:38 Tweaking.com - Windows Repair
29-05-2013 03:08:09 Windows Update
30-05-2013 00:53:36 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2013 08:19:34 PM) (Source: HP Client Services) (User: )
Description: HP Client Services could not start due to configuration is not available.

Error: (05/29/2013 08:10:05 PM) (Source: HP Client Services) (User: )
Description: HP Client Services could not start due to configuration is not available.

Error: (05/29/2013 07:49:34 PM) (Source: HP Client Services) (User: )
Description: HP Client Services could not start due to configuration is not available.

Error: (05/28/2013 10:47:38 PM) (Source: HP Client Services) (User: )
Description: HP Client Services could not start due to configuration is not available.

Error: (05/28/2013 10:41:21 PM) (Source: HP Client Services) (User: )
Description: HP Client Services could not start due to configuration is not available.

Error: (05/28/2013 10:03:53 PM) (Source: HP Client Services) (User: )
Description: HP Client Services could not start due to configuration is not available.

Error: (05/27/2013 07:25:24 PM) (Source: Application Hang) (User: )
Description: The program SingalngUpdater.exe version 111.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e24

Start Time: 01ce5b39b488cc7f

Termination Time: 0

Application Path: C:\Program Files (x86)\SingAlong\SingalngUpdater.exe

Report Id: 07cf615f-c72d-11e2-a6df-c0f8daf9c608

Error: (05/27/2013 07:24:13 PM) (Source: HP Client Services) (User: )
Description: HP Client Services could not start due to configuration is not available.

Error: (05/27/2013 04:13:49 PM) (Source: HP Client Services) (User: )
Description: HP Client Services could not start due to configuration is not available.

Error: (05/26/2013 02:50:45 PM) (Source: Windows Installer 3.1) (User: )
Description: WindowsNot enough storage is available to process this command.

System errors:
=============
Error: (05/29/2013 08:20:34 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/29/2013 08:19:34 PM) (Source: Service Control Manager) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: 
%%1058

Error: (05/29/2013 08:19:34 PM) (Source: Service Control Manager) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (05/29/2013 08:19:34 PM) (Source: Service Control Manager) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Error: (05/29/2013 08:11:04 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/29/2013 08:10:04 PM) (Source: Service Control Manager) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: 
%%1058

Error: (05/29/2013 08:10:04 PM) (Source: Service Control Manager) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (05/29/2013 08:10:04 PM) (Source: Service Control Manager) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Error: (05/29/2013 08:07:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2789645).

Error: (05/29/2013 08:00:34 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (05/29/2013 08:19:34 PM) (Source: HP Client Services)(User: )
Description: HP Client Services could not start due to configuration is not available.

Error: (05/29/2013 08:10:05 PM) (Source: HP Client Services)(User: )
Description: HP Client Services could not start due to configuration is not available.

Error: (05/29/2013 07:49:34 PM) (Source: HP Client Services)(User: )
Description: HP Client Services could not start due to configuration is not available.

Error: (05/28/2013 10:47:38 PM) (Source: HP Client Services)(User: )
Description: HP Client Services could not start due to configuration is not available.

Error: (05/28/2013 10:41:21 PM) (Source: HP Client Services)(User: )
Description: HP Client Services could not start due to configuration is not available.

Error: (05/28/2013 10:03:53 PM) (Source: HP Client Services)(User: )
Description: HP Client Services could not start due to configuration is not available.

Error: (05/27/2013 07:25:24 PM) (Source: Application Hang)(User: )
Description: SingalngUpdater.exe111.0.0.0e2401ce5b39b488cc7f0C:\Program Files (x86)\SingAlong\SingalngUpdater.exe07cf615f-c72d-11e2-a6df-c0f8daf9c608

Error: (05/27/2013 07:24:13 PM) (Source: HP Client Services)(User: )
Description: HP Client Services could not start due to configuration is not available.

Error: (05/27/2013 04:13:49 PM) (Source: HP Client Services)(User: )
Description: HP Client Services could not start due to configuration is not available.

Error: (05/26/2013 02:50:45 PM) (Source: Windows Installer 3.1)(User: )
Description: WindowsNot enough storage is available to process this command.

CodeIntegrity Errors:
===================================
Date: 2013-05-27 19:13:33.561
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-27 19:13:33.483
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 6091.86 MB
Available physical RAM: 4015.76 MB
Total Pagefile: 12181.9 MB
Available Pagefile: 10079.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:579.37 GB) (Free:509.48 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.51 GB) (Free:2.07 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 7A823392)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=579 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================


----------



## bdarger (May 6, 2013)

First

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-05-2013
Ran by brandon (administrator) on 29-05-2013 20:27:36
Running from C:\Users\brandon\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Citrix Systems, Inc) C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Citrix Systems, Inc) C:\Program Files\Citrix\Secure Access Client\nsload.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Farbar) C:\Users\brandon\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-01] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp [21705296 2010-11-30] ()
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKCU\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-11-22] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2010-12-13] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-10] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [380088 2012-07-27] (Citrix Systems, Inc.)
HKU\sexy kate\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-11-22] (Hewlett-Packard Company)
HKU\sexy kate\...\Run: [Artisan 830(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE /FU "C:\Windows\TEMP\E_SA556.tmp" /EF "HKCU" [x]
HKU\sexy kate\...\Run: [WF-7520 Series(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHDA.EXE /FU "C:\Users\SEXYKA~1\AppData\Local\Temp\E_S892C.tmp" /EF "HKCU" [x]
HKU\sexy kate\...\Run: [SearchProtect] C:\Users\sexy kate\AppData\Roaming\SearchProtect\bin\cltmng.exe [x]
Startup: C:\ProgramData\Start Menu\Programs\Startup\Citrix Access Gateway.lnk
ShortcutTarget: Citrix Access Gateway.lnk -> C:\Program Files\Citrix\Secure Access Client\nsload.exe (Citrix Systems, Inc)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
ShortcutTarget: Logitech Desktop Messenger.lnk -> C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {2C481A46-BFAB-41CC-9179-6BCAE70983BE} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3294791&CUI=UN27967944641767224&UM=2
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DownloadTerms - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\brandon\AppData\Local\DownloadTerms\temp.dat No File
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
PDF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - No File
Handler-x32: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [20992] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\4ifshhpy.default
FF Homepage: yahoo.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @Citrix.com/npagee64,version=9.1.101.5 - C:\Program Files\Citrix\Secure Access Client\npagee64.dll (Citrix Systems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npagee,version=9.1.101.5 - C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownloadTerms - C:\Users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\4ifshhpy.default\Extensions\[email protected]
FF Extension: Ghostery - C:\Users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\4ifshhpy.default\Extensions\[email protected]
FF Extension: No Name - C:\Users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\4ifshhpy.default\Extensions\{197573FA-9BF9-11DF-9D68-A441DFD72085}.xpi
FF Extension: No Name - C:\Users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\4ifshhpy.default\Extensions\{bac3eb53-a317-11e2-8274-b8ac6f996f26}.xpi

==================== Services (Whitelisted) =================

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll [262584 2011-03-31] (Symantec Corporation)
R2 nsverctl; C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [154264 2010-01-19] (Citrix Systems, Inc)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1872568 2013-04-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [1157240 2012-03-02] (Symantec Corporation)
R3 BTMNET; C:\Windows\System32\DRIVERS\btmnet.sys [30208 2010-11-30] (Motorola, Inc.)
R2 cag; C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [93720 2009-10-22] (Citrix Systems, Inc.)
R3 ctxva51; C:\Windows\System32\DRIVERS\ctxva51.sys [45720 2010-01-19] (Citrix Systems, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-08] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120406.002\IDSvia64.sys [488568 2012-02-07] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120406.034\ENG64.SYS [117880 2012-02-08] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120406.034\EX64.SYS [2048632 2012-02-08] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-02-08] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 SRTSP; \SystemRoot\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [x]
R1 SRTSPX; \SystemRoot\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [x]
R0 SymDS; system32\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
R0 SymEFA; system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
R1 SymIRON; \SystemRoot\system32\drivers\NISx64\1207020.003\Ironx64.SYS [x]
R1 SymNetS; \SystemRoot\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-29 20:26 - 2013-05-29 20:27 - 00019180 ____A C:\Users\brandon\Desktop\Addition.txt
2013-05-29 20:25 - 2013-05-29 20:25 - 00000000 ____D C:\FRST
2013-05-29 20:23 - 2013-05-29 20:23 - 01915774 ____A (Farbar) C:\Users\brandon\Desktop\FRST64.exe
2013-05-29 20:20 - 2013-05-29 20:20 - 00001532 ____A C:\Users\brandon\Desktop\AdwCleaner[S7].txt
2013-05-29 20:18 - 2013-05-29 20:18 - 00001532 ____A C:\AdwCleaner[S7].txt
2013-05-29 20:17 - 2013-05-29 20:17 - 00001469 ____A C:\AdwCleaner[R3].txt
2013-05-29 19:59 - 2013-05-29 20:25 - 00002442 ____A C:\Users\brandon\Desktop\Rkill.txt
2013-05-29 19:59 - 2013-05-29 20:23 - 00983680 ____A (Bleeping Computer, LLC) C:\Users\brandon\Desktop\rkill64.exe
2013-05-29 19:59 - 2013-05-29 19:59 - 01796736 ____A (Bleeping Computer, LLC) C:\Users\brandon\Desktop\rkill.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-29 19:58 - 2013-05-29 19:58 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-29 19:58 - 2013-05-29 19:58 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-29 19:58 - 2013-05-29 19:58 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-29 19:58 - 2013-05-29 19:58 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-05-29 19:58 - 2013-05-29 19:58 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-29 19:58 - 2013-05-29 19:58 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-29 19:58 - 2013-05-29 19:58 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-05-29 19:58 - 2013-05-29 19:58 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-29 19:58 - 2013-05-29 19:58 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-05-29 19:58 - 2013-05-29 19:58 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-05-29 19:57 - 2013-05-29 19:57 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-29 19:57 - 2013-05-29 19:57 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-29 19:54 - 2013-05-29 20:02 - 00007985 ____A C:\Windows\IE10_main.log
2013-05-28 22:45 - 2013-05-28 22:46 - 00005456 ____A C:\AdwCleaner[S6].txt
2013-05-28 22:45 - 2013-05-28 22:45 - 00005155 ____A C:\AdwCleaner[R2].txt
2013-05-28 22:45 - 2013-05-28 22:45 - 00005095 ____A C:\AdwCleaner[R1].txt
2013-05-28 22:44 - 2013-05-28 22:44 - 00632031 ____A C:\Users\brandon\Desktop\AdwCleaner.exe
2013-05-28 22:13 - 2013-03-19 01:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-28 22:13 - 2013-03-19 00:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-05-28 22:13 - 2013-03-19 00:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-05-28 22:12 - 2013-03-19 00:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-05-28 22:12 - 2013-03-18 23:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-05-28 22:12 - 2013-03-18 22:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-05-27 21:45 - 2013-04-10 01:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-27 21:45 - 2013-04-10 01:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-27 21:45 - 2011-02-03 06:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-27 21:44 - 2013-04-12 09:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-05-27 21:44 - 2013-04-09 22:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-27 21:44 - 2013-03-19 00:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-27 21:44 - 2013-03-19 00:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-27 21:44 - 2013-02-27 01:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-27 21:44 - 2013-02-27 00:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-27 21:44 - 2013-02-27 00:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-27 21:44 - 2013-02-27 00:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-27 21:44 - 2013-02-27 00:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-27 21:44 - 2013-02-26 23:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-27 21:44 - 2013-02-26 23:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-27 21:44 - 2013-02-26 23:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-27 21:44 - 2013-02-15 01:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-05-27 21:44 - 2013-02-15 01:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-05-27 21:44 - 2013-02-15 01:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-05-27 21:44 - 2013-02-14 23:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-05-27 21:44 - 2013-02-14 23:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-05-27 21:44 - 2013-02-14 22:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-05-27 21:44 - 2013-02-11 23:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-05-27 21:44 - 2013-01-24 01:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-05-27 21:44 - 2013-01-04 00:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-05-27 21:44 - 2013-01-03 23:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-05-27 21:44 - 2013-01-03 21:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-05-27 21:44 - 2013-01-03 21:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-05-27 21:44 - 2013-01-03 21:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-05-27 21:44 - 2013-01-03 21:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-05-27 21:44 - 2013-01-03 01:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-05-27 21:44 - 2013-01-03 01:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-05-27 19:16 - 2013-05-27 19:16 - 00023926 ____A C:\ComboFix.txt
2013-05-27 19:07 - 2013-05-27 19:16 - 00000000 ____D C:\Qoobox
2013-05-27 19:07 - 2013-05-27 19:15 - 00000000 ____D C:\Windows\erdnt
2013-05-27 19:07 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-27 19:07 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-27 19:07 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-27 19:07 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-27 19:07 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-27 19:07 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-27 19:07 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-27 19:07 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-27 16:21 - 2013-05-27 16:21 - 05073915 ____R (Swearware) C:\Users\brandon\Desktop\ComboFix.exe
2013-05-27 16:21 - 2013-05-27 16:21 - 00000000 ____A C:\Users\brandon\defogger_reenable
2013-05-27 16:18 - 2013-05-27 16:18 - 00050477 ____A C:\Users\brandon\Desktop\Defogger.exe
2013-05-27 16:13 - 2013-05-29 20:19 - 00000448 ____A C:\Windows\setupact.log
2013-05-27 16:13 - 2013-05-28 22:40 - 00017660 ____A C:\Windows\PFRO.log
2013-05-27 16:13 - 2013-05-27 16:13 - 00000000 ____A C:\Windows\setuperr.log
2013-05-27 15:55 - 2013-05-27 16:12 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-05-27 15:51 - 2013-05-27 15:51 - 00002159 ____A C:\Users\brandon\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-05-27 15:50 - 2013-05-27 15:50 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-05-27 15:49 - 2013-05-27 15:49 - 05555190 ____A C:\Users\brandon\Desktop\tweaking.com_windows_repair_aio_setup.exe
2013-05-26 20:24 - 2013-05-26 20:31 - 00000000 ____D C:\Users\brandon\Desktop\hawaii
2013-05-26 15:54 - 2013-05-26 20:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-26 14:53 - 2013-05-26 18:17 - 00000000 ____D C:\Users\brandon\AppData\Roaming\player
2013-05-26 14:50 - 2013-05-29 20:18 - 01629422 ____A C:\Windows\WindowsUpdate.log
2013-05-26 14:50 - 2013-05-26 14:50 - 00000535 ____A C:\Windows\KB893803v2.log
2013-05-26 14:49 - 2013-05-29 20:19 - 00000396 ____A C:\Windows\Tasks\Sing Along Update.job
2013-05-26 14:49 - 2013-05-27 19:13 - 00000000 ____D C:\Users\brandon\AppData\Local\DownloadTerms
2013-05-26 13:58 - 2013-05-26 13:58 - 00000000 ____D C:\Users\brandon\AppData\Roaming\WinRAR
2013-05-26 13:58 - 2013-05-26 13:58 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-05-22 19:49 - 2013-05-22 19:49 - 00000000 ____D C:\Users\brandon\AppData\Roaming\ICAClient
2013-05-09 20:03 - 2013-05-09 20:03 - 00001166 ____A C:\AdwCleaner[S5].txt
2013-05-09 14:11 - 2013-05-09 14:11 - 00000000 ____D C:\Users\brandon\AppData\Roaming\Tific
2013-05-09 13:13 - 2013-05-25 10:47 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-05-09 13:00 - 2013-05-09 13:03 - 00001124 ____A C:\AdwCleaner[S4].txt
2013-05-09 12:55 - 2013-05-09 12:55 - 00001063 ____A C:\AdwCleaner[S3].txt
2013-05-09 12:48 - 2013-05-09 12:49 - 00001003 ____A C:\AdwCleaner[S2].txt
2013-05-09 11:36 - 2013-05-26 13:51 - 00000000 ____D C:\Users\brandon\Desktop\RK_Quarantine
2013-05-09 11:36 - 2013-05-09 11:36 - 00816128 ____A C:\Users\brandon\Desktop\RogueKiller.exe
2013-05-09 10:41 - 2013-05-09 10:41 - 00017813 ____A C:\AdwCleaner[S1].txt
2013-05-09 09:45 - 2013-05-09 09:45 - 00000000 ____D C:\Users\brandon\Desktop\rkill
2013-05-08 23:36 - 2013-05-08 23:36 - 00024736 ____A C:\Users\brandon\Desktop\attach.txt
2013-05-08 23:36 - 2013-05-08 23:36 - 00019365 ____A C:\Users\brandon\Desktop\dds.txt
2013-05-08 23:34 - 2013-05-08 23:34 - 00688992 ____R (Swearware) C:\Users\brandon\Desktop\dds.scr
2013-05-08 14:16 - 2013-05-08 14:17 - 00165376 ____A C:\Users\brandon\Desktop\SystemLook_x64.exe
2013-05-07 16:13 - 2013-05-07 16:13 - 00000000 ____D C:\Users\sexy kate\AppData\Local\Google
2013-05-07 15:02 - 2013-05-07 15:02 - 00000123 ____A C:\Users\brandon\Desktop\Microsoft Fix it.url
2013-05-07 14:58 - 2013-05-07 16:07 - 00000000 ____D C:\MATS
2013-05-05 14:17 - 2013-05-05 14:17 - 00000000 ____A C:\ProgramData\GA8d2eJR.dat
2013-05-05 14:13 - 2013-05-05 14:13 - 00000000 ____D C:\Users\brandon\AppData\Roaming\Roxio Log Files
2013-05-01 22:06 - 2013-05-01 22:06 - 00000000 ____D C:\Users\brandon\AppData\Local\Symantec

==================== One Month Modified Files and Folders =======

2013-05-29 20:27 - 2013-05-29 20:26 - 00019180 ____A C:\Users\brandon\Desktop\Addition.txt
2013-05-29 20:25 - 2013-05-29 20:25 - 00000000 ____D C:\FRST
2013-05-29 20:25 - 2013-05-29 19:59 - 00002442 ____A C:\Users\brandon\Desktop\Rkill.txt
2013-05-29 20:25 - 2009-07-14 00:13 - 00783310 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-29 20:23 - 2013-05-29 20:23 - 01915774 ____A (Farbar) C:\Users\brandon\Desktop\FRST64.exe
2013-05-29 20:23 - 2013-05-29 19:59 - 00983680 ____A (Bleeping Computer, LLC) C:\Users\brandon\Desktop\rkill64.exe
2013-05-29 20:20 - 2013-05-29 20:20 - 00001532 ____A C:\Users\brandon\Desktop\AdwCleaner[S7].txt
2013-05-29 20:19 - 2013-05-27 16:13 - 00000448 ____A C:\Windows\setupact.log
2013-05-29 20:19 - 2013-05-26 14:49 - 00000396 ____A C:\Windows\Tasks\Sing Along Update.job
2013-05-29 20:19 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-29 20:18 - 2013-05-29 20:18 - 00001532 ____A C:\AdwCleaner[S7].txt
2013-05-29 20:18 - 2013-05-26 14:50 - 01629422 ____A C:\Windows\WindowsUpdate.log
2013-05-29 20:17 - 2013-05-29 20:17 - 00001469 ____A C:\AdwCleaner[R3].txt
2013-05-29 20:15 - 2009-07-13 23:45 - 00023248 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-29 20:15 - 2009-07-13 23:45 - 00023248 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-29 20:10 - 2009-09-06 20:57 - 00000000 ____D C:\Windows\Panther
2013-05-29 20:07 - 2012-03-28 20:42 - 00777526 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-05-29 20:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-05-29 20:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-05-29 20:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-05-29 20:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-05-29 20:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-05-29 20:02 - 2013-05-29 19:54 - 00007985 ____A C:\Windows\IE10_main.log
2013-05-29 19:59 - 2013-05-29 19:59 - 01796736 ____A (Bleeping Computer, LLC) C:\Users\brandon\Desktop\rkill.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-29 19:58 - 2013-05-29 19:58 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-29 19:58 - 2013-05-29 19:58 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-29 19:58 - 2013-05-29 19:58 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-29 19:58 - 2013-05-29 19:58 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-05-29 19:58 - 2013-05-29 19:58 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-29 19:58 - 2013-05-29 19:58 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-29 19:58 - 2013-05-29 19:58 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-05-29 19:58 - 2013-05-29 19:58 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-05-29 19:58 - 2013-05-29 19:58 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-05-29 19:58 - 2013-05-29 19:58 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

Other Malware:
===========
C:\ProgramData\GA8d2eJR.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-05-27 18:16

==================== End Of Log ============================


----------



## Mark1956 (May 7, 2011)

The logs are looking much better, just one persistent item of Adware in the ADWCleaner log.

Please tell me how well the system is running now.

Please run ADWCleaner again and post the log.


----------



## bdarger (May 6, 2013)

AdwCleaner log below

# AdwCleaner v2.301 - Logfile created 05/30/2013 at 19:40:03
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : brandon - BRANDON-HP
# Boot Mode : Normal
# Running from : C:\Users\brandon\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\4ifshhpy.default\prefs.js

[OK] File is clean.

File : C:\Users\sexy kate\AppData\Roaming\Mozilla\Firefox\Profiles\qk70dgxy.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5095 octets] - [28/05/2013 22:45:01]
AdwCleaner[R2].txt - [5155 octets] - [28/05/2013 22:45:47]
AdwCleaner[R3].txt - [1469 octets] - [29/05/2013 20:17:35]
AdwCleaner[R4].txt - [1524 octets] - [30/05/2013 19:39:49]
AdwCleaner[S1].txt - [17813 octets] - [09/05/2013 10:41:19]
AdwCleaner[S2].txt - [1003 octets] - [09/05/2013 12:48:54]
AdwCleaner[S3].txt - [1063 octets] - [09/05/2013 12:55:45]
AdwCleaner[S4].txt - [1124 octets] - [09/05/2013 13:00:12]
AdwCleaner[S5].txt - [1166 octets] - [09/05/2013 20:03:42]
AdwCleaner[S6].txt - [5456 octets] - [28/05/2013 22:45:54]
AdwCleaner[S7].txt - [1532 octets] - [29/05/2013 20:18:05]
AdwCleaner[S8].txt - [1456 octets] - [30/05/2013 19:40:03]

########## EOF - C:\AdwCleaner[S8].txt - [1516 octets] ##########


----------



## bdarger (May 6, 2013)

For some reason the computer seems to be running slowly. Also Internet Explorer will not work correctly. Mozilla works fine but if you put anything in the address bar on Internet Explorer it will not change from the home page. Not sure why it is running slowly either.....


----------



## Mark1956 (May 7, 2011)

ADWCleaner has now produced a clean log.

Please follow this:


1. Click on *Start* and type *cmd* in the search box. Right click on *cmd* in the popup menu and select *Run as Administrator*.
2. Another box will open. At the Command Prompt, type *sfc /scannow* and press Enter. (Note the gap between the c and the /)
3. Let the check run to completion. *DO NOT* reboot the PC or close the *cmd* window.
4. Copy & Paste the following command at the Command Prompt and press Enter:

*findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt*

This will place a file on your desktop called *sfcdetails.txt* which contains the results of the scan.
Copy and Paste the contents of the file into your next post.
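
The file produced by the steps above is mostly routine "Verifying / Beginning / Verify complete" lines, so the entries that matter are easy to miss. The following is an added example, not part of the original post: a Python triage of the `[SR]` lines that counts verify batches, flags a batch that never completed, and pulls out repair entries. The sample log is constructed; the file and component names in it are placeholders, and `summarize_sfc` and `is_clean` are names chosen for this sketch.

```python
import re

# One "[SR]" line as findstr copies it out of cbs.log:
#   <timestamp>, <level> CSI <8-hex sequence number> [SR] <message>
# \s+ is used between fields because cbs.log pads them inconsistently.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\s+(?P<level>\w+)\s+CSI\s+"
    r"(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*)$"
)
VERIFYING = re.compile(r"^Verifying (\d+) \(0x[0-9a-fA-F]+\) components$")


def summarize_sfc(text):
    """Reduce sfcdetails.txt to batch counts plus the non-routine entries."""
    s = {"components": 0, "batches_started": 0, "batches_completed": 0,
         "unrepaired": [], "repaired": [], "other": [], "unparsed": 0}
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        m = LINE.match(raw)
        if not m:
            s["unparsed"] += 1          # wrapped or foreign line: count, don't guess
            continue
        msg = m["msg"].strip()
        v = VERIFYING.match(msg)
        if v:
            s["batches_started"] += 1
            s["components"] += int(v.group(1))
        elif msg == "Verify complete":
            s["batches_completed"] += 1
        elif msg == "Beginning Verify and Repair transaction":
            continue
        else:
            # Anything else is a finding. Keep the sequence number: findstr
            # dropped the neighbouring non-[SR] lines, so the detail has to be
            # looked up in the full cbs.log around that number.
            quoted = re.findall(r'"([^"]*)"', msg)
            entry = {"seq": m["seq"], "ts": m["ts"],
                     "file": quoted[-1] if quoted else None, "msg": msg}
            if msg.startswith("Cannot repair"):
                s["unrepaired"].append(entry)
            elif msg.startswith(("Repairing", "Repaired")):
                s["repaired"].append(entry)
            else:
                s["other"].append(entry)
    # A batch that started but never completed means the scan was interrupted
    # or the pasted log was cut off; the result is then not a full verdict.
    s["incomplete_batches"] = s["batches_started"] - s["batches_completed"]
    return s


def is_clean(summary):
    """True only if the scan finished and nothing was left unrepaired."""
    return (summary["batches_started"] > 0
            and summary["incomplete_batches"] == 0
            and not summary["unrepaired"]
            and summary["unparsed"] == 0)


# Constructed sample (not taken from the thread). The routine lines follow the
# sfcdetails.txt format; "settings.ini", "example.dll" and "Example-Component"
# are placeholder names.
SAMPLE = r"""
2013-06-01 13:59:38, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 13:59:38, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2013-06-01 13:59:40, Info CSI 0000000c [SR] Verify complete
2013-06-01 13:59:40, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 13:59:40, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2013-06-01 13:59:41, Info  CSI 00000010 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Example-Component, Version = 6.1.7600.16385, file is missing
2013-06-01 13:59:42, Info CSI 00000012 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2013-06-01 13:59:42, Info CSI 00000013 [SR] Verify complete
2013-06-01 13:59:42, Info CSI 00000014 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 13:59:42, Info CSI 00000015 [SR] Beginning Verify and Repair transaction
"""

if __name__ == "__main__":
    result = summarize_sfc(SAMPLE)
    print("components checked:", result["components"])
    print("incomplete batches:", result["incomplete_batches"])
    for e in result["unrepaired"]:
        print("UNREPAIRED", e["seq"], e["file"])
    for e in result["repaired"]:
        print("repaired  ", e["seq"], e["file"])
    print("clean:", is_clean(result))
```
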


----------



## bdarger (May 6, 2013)

It seems to be running ok now. Internet Explorer still will not work though. Not sure why.

2013-06-01 14:03:54, Info CSI 00000156 [SR] Beginning Verify and Repair transaction
2013-06-01 14:03:58, Info CSI 00000158 [SR] Verify complete
2013-06-01 14:03:58, Info CSI 00000159 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:03:58, Info CSI 0000015a [SR] Beginning Verify and Repair transaction
2013-06-01 14:04:01, Info CSI 0000015c [SR] Verify complete
2013-06-01 14:04:01, Info CSI 0000015d [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:04:01, Info CSI 0000015e [SR] Beginning Verify and Repair transaction
2013-06-01 14:04:06, Info CSI 00000161 [SR] Verify complete
2013-06-01 14:04:06, Info CSI 00000162 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:04:06, Info CSI 00000163 [SR] Beginning Verify and Repair transaction
2013-06-01 14:04:10, Info CSI 00000165 [SR] Verify complete
2013-06-01 14:04:10, Info CSI 00000166 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:04:10, Info CSI 00000167 [SR] Beginning Verify and Repair transaction
2013-06-01 14:04:14, Info CSI 00000169 [SR] Verify complete
2013-06-01 14:04:14, Info CSI 0000016a [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:04:14, Info CSI 0000016b [SR] Beginning Verify and Repair transaction
2013-06-01 14:04:19, Info CSI 0000016e [SR] Verify complete
2013-06-01 14:04:19, Info CSI 0000016f [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:04:19, Info CSI 00000170 [SR] Beginning Verify and Repair transaction
2013-06-01 14:04:24, Info CSI 00000174 [SR] Verify complete
2013-06-01 14:04:24, Info CSI 00000175 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:04:24, Info CSI 00000176 [SR] Beginning Verify and Repair transaction
2013-06-01 14:04:29, Info CSI 00000178 [SR] Verify complete
2013-06-01 14:04:29, Info CSI 00000179 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:04:29, Info CSI 0000017a [SR] Beginning Verify and Repair transaction
2013-06-01 14:04:36, Info CSI 0000017d [SR] Verify complete
2013-06-01 14:04:36, Info CSI 0000017e [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:04:36, Info CSI 0000017f [SR] Beginning Verify and Repair transaction
2013-06-01 14:04:40, Info CSI 00000181 [SR] Verify complete
2013-06-01 14:04:40, Info CSI 00000182 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:04:40, Info CSI 00000183 [SR] Beginning Verify and Repair transaction
2013-06-01 14:04:41, Info CSI 00000185 [SR] Verify complete
2013-06-01 14:04:41, Info CSI 00000186 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:04:41, Info CSI 00000187 [SR] Beginning Verify and Repair transaction
2013-06-01 14:04:45, Info CSI 00000189 [SR] Verify complete
2013-06-01 14:04:45, Info CSI 0000018a [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:04:45, Info CSI 0000018b [SR] Beginning Verify and Repair transaction
2013-06-01 14:04:48, Info CSI 0000018d [SR] Verify complete
2013-06-01 14:04:48, Info CSI 0000018e [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:04:48, Info CSI 0000018f [SR] Beginning Verify and Repair transaction
2013-06-01 14:04:53, Info CSI 00000191 [SR] Verify complete
2013-06-01 14:04:53, Info  CSI 00000192 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:04:53, Info CSI 00000193 [SR] Beginning Verify and Repair transaction
2013-06-01 14:04:57, Info CSI 00000195 [SR] Verify complete
2013-06-01 14:04:57, Info CSI 00000196 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:04:57, Info CSI 00000197 [SR] Beginning Verify and Repair transaction
2013-06-01 14:05:03, Info CSI 00000199 [SR] Verify complete
2013-06-01 14:05:03, Info CSI 0000019a [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:05:03, Info CSI 0000019b [SR] Beginning Verify and Repair transaction
2013-06-01 14:05:22, Info CSI 0000019d [SR] Verify complete
2013-06-01 14:05:22, Info CSI 0000019e [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:05:22, Info CSI 0000019f [SR] Beginning Verify and Repair transaction
2013-06-01 14:05:45, Info CSI 000001a1 [SR] Verify complete
2013-06-01 14:05:45, Info CSI 000001a2 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:05:45, Info CSI 000001a3 [SR] Beginning Verify and Repair transaction
2013-06-01 14:05:49, Info CSI 000001a5 [SR] Verify complete
2013-06-01 14:05:49, Info CSI 000001a6 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:05:49, Info CSI 000001a7 [SR] Beginning Verify and Repair transaction
2013-06-01 14:05:53, Info CSI 000001a9 [SR] Verify complete
2013-06-01 14:05:53, Info CSI 000001aa [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:05:53, Info CSI 000001ab [SR] Beginning Verify and Repair transaction
2013-06-01 14:05:54, Info CSI 000001ad [SR] Verify complete
2013-06-01 14:05:54, Info CSI 000001ae [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:05:54, Info CSI 000001af [SR] Beginning Verify and Repair transaction
2013-06-01 14:05:57, Info CSI 000001b1 [SR] Verify complete
2013-06-01 14:05:58, Info CSI 000001b2 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:05:58, Info CSI 000001b3 [SR] Beginning Verify and Repair transaction
2013-06-01 14:06:02, Info CSI 000001b5 [SR] Verify complete
2013-06-01 14:06:02, Info CSI 000001b6 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:06:02, Info CSI 000001b7 [SR] Beginning Verify and Repair transaction
2013-06-01 14:06:04, Info CSI 000001b9 [SR] Verify complete
2013-06-01 14:06:04, Info CSI 000001ba [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:06:04, Info CSI 000001bb [SR] Beginning Verify and Repair transaction
2013-06-01 14:06:05, Info CSI 000001bd [SR] Verify complete
2013-06-01 14:06:05, Info CSI 000001be [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:06:05, Info CSI 000001bf [SR] Beginning Verify and Repair transaction
2013-06-01 14:06:10, Info CSI 000001c7 [SR] Verify complete
2013-06-01 14:06:10, Info CSI 000001c8 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:06:10, Info CSI 000001c9 [SR] Beginning Verify and Repair transaction
2013-06-01 14:06:14, Info CSI 000001cb [SR] Verify complete
2013-06-01 14:06:14, Info CSI 000001cc [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:06:14, Info CSI 000001cd [SR] Beginning Verify and Repair transaction
2013-06-01 14:06:16, Info CSI 000001cf [SR] Verify complete
2013-06-01 14:06:16, Info CSI 000001d0 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:06:16, Info CSI 000001d1 [SR] Beginning Verify and Repair transaction
2013-06-01 14:06:19, Info CSI 000001d3 [SR] Verify complete
2013-06-01 14:06:19, Info CSI 000001d4 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:06:19, Info CSI 000001d5 [SR] Beginning Verify and Repair transaction
2013-06-01 14:06:23, Info CSI 000001d7 [SR] Verify complete
2013-06-01 14:06:23, Info CSI 000001d8 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:06:23, Info CSI 000001d9 [SR] Beginning Verify and Repair transaction
2013-06-01 14:06:27, Info CSI 000001dc [SR] Verify complete
2013-06-01 14:06:28, Info CSI 000001dd [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:06:28, Info CSI 000001de [SR] Beginning Verify and Repair transaction
2013-06-01 14:06:29, Info CSI 000001e0 [SR] Verify complete
2013-06-01 14:06:29, Info CSI 000001e1 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:06:29, Info CSI 000001e2 [SR] Beginning Verify and Repair transaction
2013-06-01 14:06:31, Info CSI 000001e4 [SR] Verify complete
2013-06-01 14:06:31, Info CSI 000001e5 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:06:31, Info CSI 000001e6 [SR] Beginning Verify and Repair transaction
2013-06-01 14:06:40, Info CSI 000001e8 [SR] Verify complete
2013-06-01 14:06:40, Info CSI 000001e9 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:06:40, Info CSI 000001ea [SR] Beginning Verify and Repair transaction
2013-06-01 14:06:52, Info CSI 000001ef [SR] Verify complete
2013-06-01 14:06:52, Info CSI 000001f0 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:06:52, Info CSI 000001f1 [SR] Beginning Verify and Repair transaction
2013-06-01 14:06:58, Info CSI 000001f5 [SR] Verify complete
2013-06-01 14:06:58, Info CSI 000001f6 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:06:58, Info CSI 000001f7 [SR] Beginning Verify and Repair transaction
2013-06-01 14:07:06, Info CSI 00000202 [SR] Verify complete
2013-06-01 14:07:06, Info CSI 00000203 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:07:06, Info CSI 00000204 [SR] Beginning Verify and Repair transaction
2013-06-01 14:07:14, Info CSI 0000020a [SR] Verify complete
2013-06-01 14:07:14, Info CSI 0000020b [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:07:14, Info CSI 0000020c [SR] Beginning Verify and Repair transaction
2013-06-01 14:07:20, Info CSI 0000020e [SR] Verify complete
2013-06-01 14:07:20, Info CSI 0000020f [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:07:20, Info CSI 00000210 [SR] Beginning Verify and Repair transaction
2013-06-01 14:07:23, Info CSI 00000214 [SR] Verify complete
2013-06-01 14:07:23, Info CSI 00000215 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:07:23, Info CSI 00000216 [SR] Beginning Verify and Repair transaction
2013-06-01 14:07:27, Info CSI 00000218 [SR] Verify complete
2013-06-01 14:07:27, Info CSI 00000219 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:07:27, Info CSI 0000021a [SR] Beginning Verify and Repair transaction
2013-06-01 14:07:29, Info CSI 0000023e [SR] Verify complete
2013-06-01 14:07:29, Info CSI 0000023f [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:07:29, Info CSI 00000240 [SR] Beginning Verify and Repair transaction
2013-06-01 14:07:34, Info CSI 00000242 [SR] Verify complete
2013-06-01 14:07:34, Info CSI 00000243 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:07:34, Info CSI 00000244 [SR] Beginning Verify and Repair transaction
2013-06-01 14:07:36, Info CSI 00000246 [SR] Verify complete
2013-06-01 14:07:36, Info CSI 00000247 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:07:36, Info CSI 00000248 [SR] Beginning Verify and Repair transaction
2013-06-01 14:07:40, Info CSI 0000024a [SR] Verify complete
2013-06-01 14:07:40, Info CSI 0000024b [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:07:40, Info CSI 0000024c [SR] Beginning Verify and Repair transaction
2013-06-01 14:07:44, Info CSI 00000259 [SR] Verify complete
2013-06-01 14:07:44, Info CSI 0000025a [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:07:44, Info CSI 0000025b [SR] Beginning Verify and Repair transaction
2013-06-01 14:07:52, Info CSI 0000025d [SR] Verify complete
2013-06-01 14:07:52, Info CSI 0000025e [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:07:52, Info CSI 0000025f [SR] Beginning Verify and Repair transaction
2013-06-01 14:07:57, Info CSI 0000026d [SR] Verify complete
2013-06-01 14:07:57, Info CSI 0000026e [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:07:57, Info CSI 0000026f [SR] Beginning Verify and Repair transaction
2013-06-01 14:07:59, Info CSI 00000271 [SR] Verify complete
2013-06-01 14:07:59, Info CSI 00000272 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:07:59, Info CSI 00000273 [SR] Beginning Verify and Repair transaction
2013-06-01 14:08:04, Info CSI 00000275 [SR] Verify complete
2013-06-01 14:08:04, Info CSI 00000276 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:08:04, Info CSI 00000277 [SR] Beginning Verify and Repair transaction
2013-06-01 14:08:10, Info CSI 0000027a [SR] Verify complete
2013-06-01 14:08:10, Info CSI 0000027b [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:08:10, Info CSI 0000027c [SR] Beginning Verify and Repair transaction
2013-06-01 14:08:12, Info CSI 0000027e [SR] Verify complete
2013-06-01 14:08:12, Info CSI 0000027f [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:08:12, Info CSI 00000280 [SR] Beginning Verify and Repair transaction
2013-06-01 14:08:18, Info CSI 00000282 [SR] Verify complete
2013-06-01 14:08:18, Info CSI 00000283 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:08:18, Info CSI 00000284 [SR] Beginning Verify and Repair transaction
2013-06-01 14:08:24, Info CSI 00000286 [SR] Verify complete
2013-06-01 14:08:24, Info CSI 00000287 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:08:24, Info CSI 00000288 [SR] Beginning Verify and Repair transaction
2013-06-01 14:08:35, Info CSI 00000290 [SR] Verify complete
2013-06-01 14:08:35, Info CSI 00000291 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:08:35, Info CSI 00000292 [SR] Beginning Verify and Repair transaction
2013-06-01 14:08:45, Info CSI 000002a5 [SR] Verify complete
2013-06-01 14:08:45, Info CSI 000002a6 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:08:45, Info CSI 000002a7 [SR] Beginning Verify and Repair transaction
2013-06-01 14:09:22, Info CSI 000002a9 [SR] Verify complete
2013-06-01 14:09:22, Info CSI 000002aa [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:09:22, Info CSI 000002ab [SR] Beginning Verify and Repair transaction
2013-06-01 14:09:26, Info CSI 000002ad [SR] Verify complete
2013-06-01 14:09:26, Info CSI 000002ae [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:09:26, Info CSI 000002af [SR] Beginning Verify and Repair transaction
2013-06-01 14:09:30, Info CSI 000002b1 [SR] Verify complete
2013-06-01 14:09:30, Info CSI 000002b2 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:09:30, Info CSI 000002b3 [SR] Beginning Verify and Repair transaction
2013-06-01 14:09:34, Info CSI 000002b7 [SR] Verify complete
2013-06-01 14:09:34, Info CSI 000002b8 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:09:34, Info CSI 000002b9 [SR] Beginning Verify and Repair transaction
2013-06-01 14:09:39, Info CSI 000002bb [SR] Verify complete
2013-06-01 14:09:39, Info CSI 000002bc [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:09:39, Info CSI 000002bd [SR] Beginning Verify and Repair transaction
2013-06-01 14:09:46, Info CSI 000002bf [SR] Verify complete
2013-06-01 14:09:46, Info CSI 000002c0 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:09:46, Info CSI 000002c1 [SR] Beginning Verify and Repair transaction
2013-06-01 14:09:50, Info CSI 000002c3 [SR] Verify complete
2013-06-01 14:09:51, Info CSI 000002c4 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:09:51, Info CSI 000002c5 [SR] Beginning Verify and Repair transaction
2013-06-01 14:09:55, Info CSI 000002c8 [SR] Verify complete
2013-06-01 14:09:55, Info CSI 000002c9 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:09:55, Info CSI 000002ca [SR] Beginning Verify and Repair transaction
2013-06-01 14:09:59, Info CSI 000002cc [SR] Verify complete
2013-06-01 14:10:00, Info CSI 000002cd [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:10:00, Info CSI 000002ce [SR] Beginning Verify and Repair transaction
2013-06-01 14:10:05, Info CSI 000002d0 [SR] Verify complete
2013-06-01 14:10:05, Info CSI 000002d1 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:10:05, Info CSI 000002d2 [SR] Beginning Verify and Repair transaction
2013-06-01 14:10:11, Info CSI 000002d5 [SR] Verify complete
2013-06-01 14:10:11, Info CSI 000002d6 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:10:11, Info CSI 000002d7 [SR] Beginning Verify and Repair transaction
2013-06-01 14:10:14, Info CSI 000002d9 [SR] Verify complete
2013-06-01 14:10:14, Info CSI 000002da [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:10:14, Info CSI 000002db [SR] Beginning Verify and Repair transaction
2013-06-01 14:10:19, Info CSI 000002dd [SR] Verify complete
2013-06-01 14:10:19, Info CSI 000002de [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:10:19, Info CSI 000002df [SR] Beginning Verify and Repair transaction
2013-06-01 14:10:23, Info CSI 000002e1 [SR] Verify complete
2013-06-01 14:10:24, Info CSI 000002e2 [SR] Verifying 100 (0x0000000000000064) components
2013-06-01 14:10:24, Info CSI 000002e3 [SR] Beginning Verify and Repair transaction
2013-06-01 14:10:29, Info CSI 000002e5 [SR] Verify complete
2013-06-01 14:10:29, Info CSI 000002e6 [SR] Verifying 49 (0x0000000000000031) components
2013-06-01 14:10:29, Info CSI 000002e7 [SR] Beginning Verify and Repair transaction
2013-06-01 14:10:32, Info CSI 000002e9 [SR] Verify complete
2013-06-01 14:10:32, Info CSI 000002ea [SR] Repairing 0 components
2013-06-01 14:10:32, Info CSI 000002eb [SR] Beginning Verify and Repair transaction
2013-06-01 14:10:32, Info CSI 000002ed [SR] Repair complete


----------



## Mark1956 (May 7, 2011)

This file was found in the FRST log, if you do not know what it is please delete it. 

C:\ProgramData\GA8d2eJR.dat

=====================================================

The log above is clean so there is nothing obvious to explain what the problem is with IE.

Please run Windows Repair again, follow the same instructions as before and just check the box for Repair Internet Explorer and run it. If that still doesn't fix the issue then we will have to reset it.

Open Internet Explorer, click on Tools and select Internet Options.
Under the Advanced tab click on Reset, then click Reset again.
When done, reboot the system and let me know if the problem is fixed.


----------



## bdarger (May 6, 2013)

The reset fixed it. Thanks!


----------



## Mark1956 (May 7, 2011)

Good news, we just need to run one final scan for any Malware, check your system's security and uninstall Combofix and all the tools used.

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please Copy & Paste the contents of that document into your next reply.

===============================================================

*Eset online scan instructions.*
*IMPORTANT --->* Please make sure you follow the instruction to *uncheck* the box next to *Remove found threats*. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.


Disable your existing Anti Virus following these instructions.
Please go here to use the Eset Online Scanner.
When the web page opens click on this button

If you are not using *Internet Explorer* you will see a message box open asking you to download the *ESET Smart Installer*, click on the link and allow it to download and then run it. Accept the *Terms of use* and click on *Start*. The required components will download.
If using Internet Explorer the *Terms of use* box will open immediately, accept it and click on *Start*.
After the download is complete the *Computer scan settings* window will open, *IMPORTANT ---->* *uncheck* the box next to *Remove found threats* and click on *Start*. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. *Do not* interrupt it, be patient and let it finish.
A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select *Paste* and the report will appear, add any comments you have and post the reply.
Back on the *Eset* window, click the *Back* button and then click on *Finish*.

==============================================================

Please wait for the instructions to uninstall Combofix.

=============================================================


----------



## bdarger (May 6, 2013)

Checkup below...

Results of screen317's Security Check version 0.99.64 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 10 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
Norton Internet Security 
WMI entry may not exist for antivirus; attempting automatic update. 
*`````````Anti-malware/Other Utilities Check:`````````* 
Malwarebytes Anti-Malware version 1.75.0.1300 
Java(TM) 6 Update 31 
Java 7 Update 10 
*Java version out of Date!* 
Adobe Flash Player 11.7.700.202 
Adobe Reader XI 
Mozilla Firefox (21.0) 
*````````Process Check: objlist.exe by Laurent````````* 
Norton ccSvcHst.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 2% 
*````````````````````End of Log``````````````````````*


----------



## bdarger (May 6, 2013)

Found threats below...

C:\TDSSKiller_Quarantine\09.05.2013_13.11.12\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\09.05.2013_13.11.12\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYZ trojan
C:\TDSSKiller_Quarantine\09.05.2013_13.11.12\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.BC trojan
C:\TDSSKiller_Quarantine\09.05.2013_13.11.12\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.UK trojan
C:\TDSSKiller_Quarantine\09.05.2013_13.11.12\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AN trojan
C:\TDSSKiller_Quarantine\09.05.2013_13.11.12\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\09.05.2013_13.11.12\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\25.05.2013_10.45.49\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\25.05.2013_10.45.49\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYZ trojan
C:\TDSSKiller_Quarantine\25.05.2013_10.45.49\tdlfs0000\tsk0002.dta Win64/Olmarik.BC trojan
C:\TDSSKiller_Quarantine\25.05.2013_10.45.49\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.UK trojan
C:\TDSSKiller_Quarantine\25.05.2013_10.45.49\tdlfs0000\tsk0004.dta Win64/Olmarik.AN trojan
C:\TDSSKiller_Quarantine\25.05.2013_10.45.49\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\25.05.2013_10.45.49\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan
C:\Users\sexy kate\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\50128a4b-7ed7b10e a variant of Win32/Kryptik.BADD trojan


----------



## Mark1956 (May 7, 2011)

Just one remnant of the infection was found in that scan; the majority of the detections are in Quarantine.

First we shall remove the file using Combofix and then please update Java.

We are now going to run ComboFix a different way.

Open Notepad by clicking on

and in the *Search* box type: *Notepad.exe* and hit *Enter*.
Copy and paste everything in the *code box* below into it.
_-- Note: Make sure Word Wrap is *unchecked* in Notepad by clicking on *Format* in the top menu._


```
KillAll::

Folder::
C:\Users\sexy kate\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\50128a4b-7ed7b10e

ClearJavaCache::

Reboot::
```

Save the file as *CFScript.txt* by choosing _Save As..._ in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
Close your browser and *disconnect* from the Internet.
Now use your mouse to *drag*, then *drop* the CFScript.txt file on top of ComboFix.exe as seen in the image below.

This will start ComboFix again and launch the script.
ComboFix may reboot your system when it finishes. This is normal.
A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of *ComboFix.txt* in your next reply.
Be sure to *re-enable* your anti-virus and other security programs *after* the scan is complete.
NOTE: if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.

=========================================================================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. 
Please follow these steps to remove older versions of Java and update.

*How to update Java:*
Be aware that the act of downloading any Java installer means that you have read and agree to abide by the end users license agreement. 
End user licence agreement

First uninstall all existing versions of Java.


Go to Start > Control Panel double-click on *Add/Remove programs* (or Programs and Features) and click on any item with *Java, Java(TM), JRE* or *J2SE* in the name.
Click the *Uninstall*, *Remove* or *Change/Remove* button and allow it to uninstall. 
If a *User Account Control* warning appears click on *Allow*.
Repeat as many times as necessary to remove each and every item. 
Reboot your computer once all Java components are removed. 

*NOTE:* If you have a 64bit version of Windows and are using the 64bit version of Internet Explorer the Java site will automatically give you the correct Java version using the instructions below, 
but it is recommended that you use only 32bit browsers and versions of Java. Please read this for further information: Which Java download should I choose for my 64bit operating system?. 
If you install Java for the 64bit version of Internet Explorer and you use any other browser you will also need to repeat the installation while using your other browser which will most likely be 32bit. If in doubt please ask.

*How to install the latest version.*


Open the browser that you normally use and click on this link: Java Download
Click on the big red button *Free Java Download*
On the next page click on the big red button *Agree and Start Free Download*
Select *Run* whenever the option appears. If no *Run* option appears click on *Save* and then when the download completes click on *Run*. If a *User Account Control* warning appears click on *Continue*.
When the *Welcome to Java* window appears click on *Install*.
It may take several minutes to download the installer depending on the speed of your connection, allow it to complete.
If any error messages appear click on OK and then click on the *Agree and start free download* button again.
Please wait for the *Java Setup* window to appear. Uncheck the box to install the *Ask Toolbar* and then click on *Next*.
*NOTE:* The Ask Toolbar option may change without notice to something different, please make sure you uncheck the box for anything else that is offered. On some systems this offer may not appear, in which case, continue with the next instruction.
You will then see the *Java Setup Progress* window and another will appear for *JavaFX* (on some systems the JavaFX will not appear or be installed). Finally the *Java Setup Complete* window will appear, click on *Close*.
If a Java page then appears with a button to *Verify Java Version* click on it and it will verify the installation.
The Installation is now complete, please reboot the system.
*NOTE:* The JavaFX component is not required unless you are developing Java applications. It is perfectly safe to keep on your system, but if you wish to uninstall it please do so.


----------
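The triage applied to the Eset list above (detections sitting inside a removal tool's quarantine folder versus a file still live in the Java deployment cache) can be scripted. This is an added example, not part of the original thread: the sample lines are constructed in the same shape as the pasted list, and the names `triage`, `Detection` and `QUARANTINE_DIRS` are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample lines, shaped like the pasted scanner output:
# "<path> [a variant of ]<Platform>/<Family>.<Variant> <type>"
SAMPLE = r"""
C:\TDSSKiller_Quarantine\09.05.2013_13.11.12\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\09.05.2013_13.11.12\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.BC trojan
C:\TDSSKiller_Quarantine\25.05.2013_10.45.49\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.UK trojan
C:\Users\example user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\50128a4b-7ed7b10e a variant of Win32/Kryptik.BADD trojan
"""

# Assumption: folder names treated as "already contained". Only the first
# quarantine folder appears in the thread; extend the set for other tools.
QUARANTINE_DIRS = {"tdsskiller_quarantine"}

# Windows paths may contain spaces but never "/", so the first
# "<word>/<name>" token marks where the detection name starts.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>\w+/[\w.]+)\s+"
    r"(?P<kind>\S.*?)\s*$"
)

JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"


@dataclass
class Detection:
    path: str
    name: str            # e.g. Win32/Olmarik.AYI
    family: str          # e.g. Olmarik
    kind: str            # e.g. trojan
    is_variant: bool     # line said "a variant of"
    quarantined: bool    # file lies under a known quarantine folder
    in_java_cache: bool  # file lies in the Java deployment cache


def parse_line(line: str):
    """Return a Detection for one scanner line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, name = m["path"], m["name"]
    # Family = everything after the platform, minus the trailing variant id.
    family = name.split("/", 1)[1].rsplit(".", 1)[0]
    parts = {p.lower() for p in PureWindowsPath(path).parts}
    return Detection(
        path=path,
        name=name,
        family=family,
        kind=m["kind"],
        is_variant=m["variant"] is not None,
        quarantined=bool(parts & QUARANTINE_DIRS),
        in_java_cache=JAVA_CACHE in path.lower(),
    )


def triage(text: str) -> dict:
    """Split a pasted detection list into live, quarantined and unparsed."""
    result = {"live": [], "quarantined": [], "unparsed": []}
    for raw in text.splitlines():
        if not raw.strip():
            continue
        det = parse_line(raw)
        if det is None:
            result["unparsed"].append(raw.strip())
        elif det.quarantined:
            result["quarantined"].append(det)
        else:
            result["live"].append(det)
    return result


def family_counts(detections) -> Counter:
    """Count detections per malware family."""
    return Counter(d.family for d in detections)


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("Quarantined:", dict(family_counts(report["quarantined"])))
    for det in report["live"]:
        where = "Java cache" if det.in_java_cache else "filesystem"
        print(f"LIVE ({where}): {det.name} -> {det.path}")
    for line in report["unparsed"]:
        print("Could not parse:", line)
```

Lines that do not parse are returned rather than dropped, so a malformed paste cannot hide a live detection.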



## bdarger (May 6, 2013)

Log is below

ComboFix 13-06-08.02 - brandon 06/09/2013 11:21:59.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4216 [GMT -5:00]
Running from: c:\users\brandon\Desktop\ComboFix.exe
Command switches used :: c:\users\brandon\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\brandon\AppData\Local\Temp\VPND9C2.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-05-09 to 2013-06-09 )))))))))))))))))))))))))))))))
.
.
2013-06-09 16:26 . 2013-06-09 16:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-06 01:41 . 2013-06-06 01:41 -------- d-----w- c:\program files (x86)\ESET
2013-05-30 01:25 . 2013-05-30 01:25 -------- d-----w- C:\FRST
2013-05-30 00:57 . 2013-05-30 00:57 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-29 03:13 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-29 03:13 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-05-29 03:13 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-05-29 03:12 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-05-29 03:12 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-05-29 03:12 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-05-28 02:45 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-28 02:45 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-28 02:45 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-28 00:16 . 2013-06-09 16:26 -------- d-----w- c:\users\sexy kate\AppData\Local\temp
2013-05-27 23:23 . 2013-05-30 00:58 -------- d-----w- c:\windows\system32\catroot2
2013-05-27 20:55 . 2013-06-02 22:02 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-05-27 20:50 . 2013-05-27 20:50 -------- d-----w- c:\program files (x86)\Tweaking.com
2013-05-26 20:05 . 2013-05-26 20:05 -------- d-----w- c:\program files\Uninstaller
2013-05-26 19:53 . 2013-05-26 23:17 -------- d-----w- c:\users\brandon\AppData\Roaming\player
2013-05-26 19:49 . 2013-05-26 19:49 -------- d-----w- c:\users\brandon\AppData\Local\Programs
2013-05-26 19:49 . 2013-05-28 00:13 -------- d-----w- c:\users\brandon\AppData\Local\DownloadTerms
2013-05-23 00:49 . 2013-05-23 00:49 -------- d-----w- c:\users\brandon\AppData\Roaming\ICAClient
2013-05-21 00:14 . 2013-05-21 00:14 -------- d-----w- c:\program files (x86)\Common Files\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-25 15:53 . 2012-04-01 17:03 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-25 15:53 . 2012-02-08 17:03 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-21 00:02 . 2013-02-23 20:27 563920 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-05-08 06:10 . 2011-02-20 05:03 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-04-13 05:49 . 2013-05-28 02:44 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-28 02:44 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-28 02:44 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-28 02:44 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-28 02:44 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-28 02:44 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-04 19:50 . 2012-04-27 22:30 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}]
c:\users\brandon\AppData\Local\DownloadTerms\temp.dat [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-23 20:42 220632 ----a-w- c:\users\brandon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-23 20:42 220632 ----a-w- c:\users\brandon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-23 20:42 220632 ----a-w- c:\users\brandon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-07-27 380088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Citrix Access Gateway.lnk - c:\program files\Citrix\Secure Access Client\nsload.exe [2010-1-19 1483928]
Logitech Desktop Messenger.lnk - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2012-2-23 66864]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe;c:\program files\Motorola\Bluetooth\audiosrv.exe [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys;c:\windows\SYSNATIVE\Drivers\btmcom.sys [x]
R3 BTMNET;Motorola Bluetooth Network Adapter Service;c:\windows\system32\DRIVERS\btmnet.sys;c:\windows\SYSNATIVE\DRIVERS\btmnet.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys;c:\windows\SYSNATIVE\Drivers\btmusb.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120317.002\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120406.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120406.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe;c:\program files\Motorola\Bluetooth\obexsrv.exe [x]
S2 cag;Citrix cag plugin for Access Gateway;c:\program files\Common Files\Deterministic Networks\Common Files\cag.sys;c:\program files\Common Files\Deterministic Networks\Common Files\cag.sys [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
S2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe;c:\program files\Citrix\Secure Access Client\nsverctl.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\DRIVERS\ctxva51.sys;c:\windows\SYSNATIVE\DRIVERS\ctxva51.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 22:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 15:53]
.
2013-05-21 c:\windows\Tasks\HPCeeScheduleForBRANDON-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-05-28 c:\windows\Tasks\HPCeeScheduleForbrandon.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-06-09 c:\windows\Tasks\HPCeeScheduleForsexy kate.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-23 20:42 244696 ----a-w- c:\users\brandon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-23 20:42 244696 ----a-w- c:\users\brandon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-23 20:42 244696 ----a-w- c:\users\brandon\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-21 00:03 2328760 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-21 00:03 2328760 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-21 00:03 2328760 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-02 524800]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-12-01 21705296]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-16 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-16 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-16 416024]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\4ifshhpy.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - ExtSQL: 2013-04-27 09:26; {bac3eb53-a317-11e2-8274-b8ac6f996f26}; c:\users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\4ifshhpy.default\extensions\{bac3eb53-a317-11e2-8274-b8ac6f996f26}.xpi
FF - ExtSQL: 2013-05-09 09:21; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF - ExtSQL: 2013-05-25 23:00; [email protected]; c:\users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\4ifshhpy.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
[email protected] - c:\program files (x86)\SingAlong\uninstall.exe
AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\InstallShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-06-09 11:33:13 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-09 16:33
ComboFix2.txt 2013-05-28 00:16
.
Pre-Run: 544,485,490,688 bytes free
Post-Run: 544,361,017,344 bytes free
.
- - End Of File - - F4E5C58A203C20FC8301AA380F5249C6
D41D8CD98F00B204E9800998ECF8427E


----------



## Mark1956 (May 7, 2011)

Ok, we are in the clear to uninstall all the tools used.

Your system is now clean, as long as you have no further problems there are just a couple of things to do and we are finished.

To re-enable your CD Emulation drivers if you disabled them, double click *DeFogger.exe* to run the tool again.


The application window will appear.
Click the *Re-enable* button to re-enable your CD Emulation drivers.
Click *Yes* to continue.
A *'Finished!'* message will appear.
Click *OK*.
DeFogger will now ask to reboot the machine...click *OK*.

To uninstall ComboFix, press the *WINKEY + R* keys on your keyboard or click on Start and type *Run* into the search box and hit *Enter*.
In the *Run* box type: *ComboFix /Uninstall* (Be sure to leave a space before the forward slash).
Click on *OK*.
If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to *Uninstall.exe*, then double-click on it to remove.
This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and *create a new Restore point.*
When it has finished you will see a dialog box stating that _"ComboFix has been uninstalled"._
After that, you can delete the ComboFix.exe program from your computer (Desktop).

*Next*


Download *OTC* by OldTimer and save it to your *desktop.*
Double click the icon to start the program.
If you are using Vista or Windows 7, please right-click and choose *Run as Administrator*.
Then click the big button.
You will get a prompt saying "_Begin Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.

-- Doing this will *remove* any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).

*Please post back when this is complete and let me know if you have had any problems.*


----------



## bdarger (May 6, 2013)

Ok, all steps are complete. Thank you! What steps can I take to keep my computer clean and free of problems?


----------



## Mark1956 (May 7, 2011)

You're most welcome. I shall now mark this thread as Solved and leave you with some security advice, but please feel free to post back if you have any remaining issues or concerns.

There are many places where you will find security advice, but most are biased towards a particular item of software that they are trying to promote. I have given some unbiased advice below that should help keep you better protected. Unfortunately there is no "best protection"; new Malware is being produced every minute of the day so it is a cat & mouse game for all security software vendors to keep up with the latest infections.

It has always been the case that what one Anti Virus program will detect another one will miss and vice versa. That being said, never be tempted to install more than one Anti Virus program thinking that will give you better protection as in fact the reverse is true. Two or more AV programs will (in most cases) conflict with each other, slow your system down and actually reduce your security level. Don't assume that your present Anti Virus is no good on the grounds that you got infected; if I have seen you are using a poor Anti Virus I will have advised you earlier in the thread. There are a lot of nasty infections out there waiting to jump onto a PC and with some of the newest infections there is very little that will block them. Fortunately there are those who dedicate their spare time, for little reward, in making the tools we use here to remove these infections. It is those people that we have to thank as without them a reinstall would often be the only way out.

*Some additional security measures.*
If your present security software does not include a third party Firewall or AntiSpyware:

Go Here for a selection of third party Firewalls.

Go Here or Here for Anti Spyware.

Malwarebytes free version (which you may have used during this thread) is worth having for regular scans of your system, always check for updates before using it. If you can afford the Malwarebytes Pro version it will provide even better protection with a full time active scanner. Never have more than one active anti virus, anti spyware or firewall running on your system as it can cause conflicts and slow down the PC. You can safely run the Pro version of *Malwarebytes* with any Anti Virus software.

WOT (Web of Trust) will warn you (in most cases) about dangerous web sites. (This is only available for use with Internet Explorer).

Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals.

WinPatrol is a useful facility to have. *WinPatrol* takes snapshots of your critical system resources and alerts you to any changes that may occur without your knowledge. It can also be used to control all your *start up* programs.

Finally, make sure that Windows Update is turned on as many updates are to fix newly discovered security holes in the Windows Operating System. You should also make sure that any Java or Adobe products are kept up to date and any old versions are uninstalled. Never use Registry Cleaners as they can and do damage the system's registry, and stay well clear of P2P file sharing sites as these are one of the best places to get your PC infected.


----------

