TechSpot

Trojan.ZeroAccess!inf

Solved
By GeoffQ
Aug 4, 2012
  1. My computer is infected with the Trojan.ZeroAccess!inf virus. I've done everything I can to remove it, but it is very persistent. It has infected my microsoft "service.exe" for certain. I read a previous post that you had with someone else about this same virus and was impressed with how you resolved it. Would you be able to help me as well?

    I have Norton AntiVirus and have tried their manual removal tool. I tried starting windows from the boot disc and running startup repair - it didn't find any issues. I just tried running MalwareBytes - it detected some items (see log below) and removed them, but zeroaccess!inf is still persistant (I ran a Norton scan directly on "service.exe" after restarting from malwarebytes which indicated it was still infected). In addition, malwarebytes is still blocking outgoing information from "services.exe"

    See logs below.

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.04.09

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 8.0.7601.17514
    Geoff :: OMNICRONPERSEI8 [administrator]

    Protection: Enabled

    8/4/2012 4:46:27 PM
    mbam-log-2012-08-04 (16-46-27).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218232
    Time elapsed: 5 minute(s), 59 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 7
    HKCR\CLSID\{1959DF3E-D670-4C34-8B5A-6C89E3235E28} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1959DF3E-D670-4C34-8B5A-6C89E3235E28} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1959DF3E-D670-4C34-8B5A-6C89E3235E28} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1959DF3E-D670-4C34-8B5A-6C89E3235E28} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Geoff\AppData\Local\{51f2c320-465a-b82c-db4c-992d1544e03c}\n. -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\ProgramData\CodecC\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    C:\Users\rmjowbthhk.cra (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{51f2c320-465a-b82c-db4c-992d1544e03c}\n (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{51f2c320-465a-b82c-db4c-992d1544e03c}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

    (end)
     
  2. GeoffQ

    GeoffQ TS Rookie Topic Starter Posts: 30

    I've just run GMER and here is the log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-08-04 20:47:34
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST95005620AS rev.SD24
    Running: hdkj80hq.exe; Driver: C:\Users\Geoff\AppData\Local\Temp\fggcyaoc.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  3. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================.

    I still need DDS logs.
     
  4. GeoffQ

    GeoffQ TS Rookie Topic Starter Posts: 30

    Hi Broni,

    The logs are listed below:

    Attach:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/13/2011 6:40:49 PM
    System Uptime: 8/4/2012 9:55:43 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 309F
    Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | U10 | 2000/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 135.323 GiB free.
    D: is CDROM ()
    E: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart Prem C310 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart Prem C310 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet 7500 E910
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: HP
    Name: Officejet 7500 E910
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: HP LaserJet CP1525nw
    Device ID: ROOT\MULTIFUNCTION\0002
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet CP1525nw
    PNP Device ID: ROOT\MULTIFUNCTION\0002
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet Pro 8600
    Device ID: ROOT\MULTIFUNCTION\0003
    Manufacturer: HP
    Name: Officejet Pro 8600
    PNP Device ID: ROOT\MULTIFUNCTION\0003
    Service:
    .
    ==== System Restore Points ===================
    .
    RP165: 8/3/2012 1:34:15 PM - Norton_Power_Eraser_20120803133411922
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    32 Bit HP CIO Components Installer
    8600_Help
    8600_Readme
    AC3Filter 1.63b
    Adobe Acrobat X Standard - English, Français, Deutsch
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Akamai NetSession Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcGIS 10.1 for Desktop
    ArcGIS 10.1 License Manager
    ATI Catalyst Install Manager
    ATI Catalyst Registration
    AuthenTec Fingerprint Sensor Minimum Install
    Bastion
    BlackBerry Desktop Software 6.1
    BlackBerry Device Software Updater
    Bonjour
    BPDSoftware
    BPDSoftware_Ini
    Broadcom 802.11 Wireless LAN Adapter
    Broadcom NetXtreme Ethernet Controller
    Brother MFL-Pro Suite MFC-9840CDW
    BufferChm
    Business-in-a-Box
    C310
    CA PC Tune-Up 3.0.0.2
    calibre
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon MP Navigator EX 4.1
    Canon Speed Dial Utility
    Canon Utilities Digital Photo Professional 3.10
    Canon Utilities EOS Utility
    Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
    Canon Utilities PhotoStitch
    Canon Utilities Picture Style Editor
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chinese Simplified Fonts Support For Adobe Reader X
    CodecC
    CutePDF Writer 2.8
    DAEMON Tools Lite
    DC Universe Online
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destinations
    DeviceDiscovery
    DH Mobility Modder.NET
    Diablo III
    DivX Setup
    DNRGarmin
    Download Accelerator Plus (DAP)
    Driver Sweeper version 3.2.0
    Dropbox
    Dungeon Defenders
    eReg
    Fire Client v2.14
    FirebirdSQL
    Garmin MapSource
    Garmin Trip and Waypoint Manager v5
    Garmin USB Drivers
    Geosoft Oasis montaj Viewer
    Geosoft Plugin for ArcGIS
    GeoView
    Google Cloud Connect for Microsoft Office
    Google Desktop
    Google Drive
    Google Earth
    Google SketchUp 8
    Google Talk Plugin
    Google Update Helper
    GPBaseService2
    HDAUDIO Soft Data Fax Modem with SmartCP
    HP Customer Participation Program 14.0
    HP Imaging Device Functions 14.0
    HP Integrated Module with Bluetooth wireless technology 6.0.1.3100
    HP LaserJet Professional CP1520 Series
    HP MULTIPLE MODEM INSTALLER for VISTA
    HP Officejet 7500 E910 Basic Device Software
    HP Officejet 7500 E910 Help
    HP Officejet Pro K8600
    HP Photo Creations
    HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7
    HP Quick Launch Buttons
    HP Smart Web Printing 4.60
    HP Solution Center 14.0
    HP Update
    HP Wireless Assistant
    HPAppStudio
    HPDiagnosticCoreDll
    HPLaserJetHelp_LearnCenter
    HPLJUT
    hppCP1520LaserJetService
    HPPhotoGadget
    hppLaserJetService
    HPProductAssistant
    hppTLBXFXCP1520
    HPSSupply
    hpzTLBXFX
    IBM SPSS Statistics 19
    Ida
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 30
    K8600_Basic
    League of Legends
    Logitech SetPoint 6.32
    Magic: The Gathering — Duels of the Planeswalkers 2012
    Malwarebytes Anti-Malware version 1.62.0.1300
    MarketResearch
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Default Manager
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird (5.0)
    MSN Toolbar
    MSN Toolbar Platform
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Mumble 1.2.3
    NDT 7.1.2
    Neat
    Neat ADF Scanner 2008 Driver
    Neat ADF Scanner Driver
    Neat Core Files
    Neat Mobile Scanner (Silver) Driver
    Neat Mobile Scanner 2008 Driver
    Neat Mobile Scanner Driver
    Network
    Norton Internet Security
    NVIDIA Drivers
    OLYMPUS Master 2
    Pando Media Booster
    Picasa 3
    PS_AIO_07_C310_SW_Min
    Python 2.7.2
    QLBCASL
    QuickTime
    QuickTransfer
    RidNacs 2.0.3
    Scan
    Scan to PDF
    ScanWiz
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Send To Neat
    Shop for HP Supplies
    Skins
    Skype Click to Call
    Skype™ 5.10
    SmartWebPrinting
    SolutionCenter
    SoundMAX
    Status
    Steam
    Surfer 10 (32-bit)
    Synaptics Pointing Device Driver
    Team Fortress 2
    Terraria
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Toolbox
    Total Defense Internet Security Suite
    TrayApp
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.6195
    VLC media player 1.1.11
    WebReg
    Winamp
    Winamp Detector Plug-in
    Windows Driver Package - Broadcom (b57nd60x) Net (05/10/2011 14.8.0.5)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Driver Package - Intel USB (08/05/2009 9.1.1.1016)
    Windows Live ID Sign-in Assistant
    WinRAR 4.01 (32-bit)
    World of Warcraft FREE Trial
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/4/2012 9:58:13 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    8/4/2012 9:57:14 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 1 time(s).
    8/4/2012 9:56:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x874237e8, 0x87423954, 0x83237df0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080412-30310-01.
    8/4/2012 9:56:11 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    8/4/2012 9:56:10 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    8/4/2012 9:09:02 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 15 time(s).
    8/4/2012 8:01:43 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 14 time(s).
    8/4/2012 10:02:09 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 13 time(s).
    8/4/2012 10:01:54 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 12 time(s).
    8/4/2012 10:01:42 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 11 time(s).
    8/4/2012 10:01:30 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 10 time(s).
    8/4/2012 10:01:19 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 9 time(s).
    8/4/2012 10:01:07 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 8 time(s).
    8/4/2012 10:00:55 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 7 time(s).
    8/4/2012 10:00:44 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 6 time(s).
    8/4/2012 10:00:32 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 5 time(s).
    8/4/2012 10:00:20 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 4 time(s).
    8/4/2012 10:00:09 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 3 time(s).
    8/4/2012 10:00:06 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 2 time(s).
    8/3/2012 3:03:27 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 18 time(s).
    8/3/2012 3:03:15 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 17 time(s).
    8/3/2012 3:03:03 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 16 time(s).
    8/3/2012 2:39:46 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
    8/3/2012 2:38:04 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    8/3/2012 2:38:04 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    8/3/2012 2:27:08 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    8/3/2012 2:27:08 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    8/3/2012 12:05:54 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 151 time(s).
    8/3/2012 12:05:43 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 150 time(s).
    8/3/2012 12:05:31 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 149 time(s).
    8/3/2012 12:05:19 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 148 time(s).
    8/3/2012 12:05:07 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 147 time(s).
    8/3/2012 12:04:56 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 146 time(s).
    8/3/2012 12:04:44 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 145 time(s).
    8/3/2012 12:04:32 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 144 time(s).
    8/3/2012 12:04:20 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 143 time(s).
    8/3/2012 12:04:08 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 142 time(s).
    8/3/2012 12:03:56 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 141 time(s).
    8/3/2012 12:03:44 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 140 time(s).
    8/3/2012 12:03:32 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 139 time(s).
    8/3/2012 12:03:20 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 138 time(s).
    8/3/2012 12:03:08 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 137 time(s).
    8/3/2012 12:02:56 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 136 time(s).
    8/3/2012 12:02:45 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 135 time(s).
    8/3/2012 12:02:33 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 134 time(s).
    8/3/2012 12:02:21 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 133 time(s).
    8/3/2012 12:02:09 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 132 time(s).
    8/3/2012 12:01:57 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 131 time(s).
    8/3/2012 12:01:46 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 130 time(s).
    8/3/2012 12:01:34 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 129 time(s).
    8/3/2012 12:01:22 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 128 time(s).
    8/3/2012 12:01:10 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 127 time(s).
    8/3/2012 12:00:58 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 126 time(s).
    8/3/2012 12:00:46 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 125 time(s).
    8/3/2012 12:00:35 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 124 time(s).
    8/3/2012 12:00:23 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 123 time(s).
    8/3/2012 12:00:11 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 122 time(s).
    8/3/2012 12:00:09 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 121 time(s).
    8/3/2012 11:00:08 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 120 time(s).
    8/3/2012 10:00:12 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 119 time(s).
    8/3/2012 1:00:15 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 152 time(s).
    8/2/2012 9:02:16 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 118 time(s).
    8/2/2012 9:02:00 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 117 time(s).
    8/2/2012 9:01:48 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 116 time(s).
    8/2/2012 9:01:37 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 115 time(s).
    8/2/2012 9:01:25 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 114 time(s).
    8/2/2012 9:01:14 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 113 time(s).
    8/2/2012 9:01:02 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 112 time(s).
    8/2/2012 9:00:51 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 111 time(s).
    8/2/2012 9:00:39 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 110 time(s).
    8/2/2012 9:00:28 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 109 time(s).
    8/2/2012 9:00:16 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 108 time(s).
    8/2/2012 9:00:06 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 54 time(s).
    8/2/2012 9:00:05 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 107 time(s).
    8/2/2012 9:00:03 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 106 time(s).
    8/2/2012 8:05:48 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 53 time(s).
    8/2/2012 8:05:36 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 52 time(s).
    8/2/2012 8:05:25 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 51 time(s).
    8/2/2012 8:05:13 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 50 time(s).
    8/2/2012 8:05:01 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 49 time(s).
    8/2/2012 8:04:49 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 48 time(s).
    8/2/2012 8:04:37 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 47 time(s).
    8/2/2012 8:04:26 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 46 time(s).
    8/2/2012 8:04:14 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 45 time(s).
    8/2/2012 8:04:02 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 44 time(s).
    8/2/2012 8:03:50 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 43 time(s).
    8/2/2012 8:03:38 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 42 time(s).
    8/2/2012 8:03:27 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 41 time(s).
    8/2/2012 8:03:13 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 40 time(s).
    8/2/2012 8:03:01 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 39 time(s).
    8/2/2012 8:02:49 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 38 time(s).
    8/2/2012 8:02:37 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 37 time(s).
    8/2/2012 8:02:26 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 36 time(s).
    8/2/2012 8:02:14 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 35 time(s).
    8/2/2012 8:02:02 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 34 time(s).
    8/2/2012 8:01:50 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 33 time(s).
    8/2/2012 8:01:38 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 32 time(s).
    8/2/2012 8:01:27 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 31 time(s).
    8/2/2012 8:01:15 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 30 time(s).
    8/2/2012 8:01:04 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 29 time(s).
    8/2/2012 8:00:52 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 28 time(s).
    8/2/2012 8:00:41 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 27 time(s).
    8/2/2012 8:00:29 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 26 time(s).
    8/2/2012 8:00:18 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 25 time(s).
    8/2/2012 8:00:06 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 24 time(s).
    8/2/2012 8:00:05 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 105 time(s).
    8/2/2012 8:00:05 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 23 time(s).
    8/2/2012 7:51:40 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 22 time(s).
    8/2/2012 7:05:45 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 104 time(s).
    8/2/2012 7:05:33 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 103 time(s).
    8/2/2012 7:05:22 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 102 time(s).
    8/2/2012 7:05:10 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 101 time(s).
    8/2/2012 7:04:59 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 100 time(s).
    8/2/2012 7:04:47 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 99 time(s).
    8/2/2012 7:04:35 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 98 time(s).
    8/2/2012 7:04:24 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 97 time(s).
    8/2/2012 7:04:12 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 96 time(s).
    8/2/2012 7:04:01 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 95 time(s).
    8/2/2012 7:03:49 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 94 time(s).
    8/2/2012 7:03:38 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 93 time(s).
    8/2/2012 7:03:26 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 92 time(s).
    8/2/2012 7:03:14 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 91 time(s).
    8/2/2012 7:03:03 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 90 time(s).
    8/2/2012 7:02:51 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 89 time(s).
    8/2/2012 7:02:40 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 88 time(s).
    8/2/2012 7:02:28 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 87 time(s).
    8/2/2012 7:02:17 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 86 time(s).
    8/2/2012 7:02:05 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 85 time(s).
    8/2/2012 7:01:53 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 84 time(s).
    8/2/2012 7:01:42 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 83 time(s).
    8/2/2012 7:01:30 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 82 time(s).
    8/2/2012 7:01:18 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 81 time(s).
    8/2/2012 7:01:07 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 80 time(s).
    8/2/2012 7:00:55 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 79 time(s).
    8/2/2012 7:00:44 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 78 time(s).
    8/2/2012 7:00:32 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 77 time(s).
    8/2/2012 7:00:20 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 76 time(s).
    8/2/2012 7:00:09 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 75 time(s).
    8/2/2012 7:00:07 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 74 time(s).
    8/2/2012 6:00:09 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 73 time(s).
    8/2/2012 5:00:09 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 72 time(s).
    8/2/2012 4:00:14 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 71 time(s).
    8/2/2012 3:00:09 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 70 time(s).
    8/2/2012 2:00:06 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 69 time(s).
    8/2/2012 12:02:01 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 67 time(s).
    8/2/2012 12:01:43 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 66 time(s).
    8/2/2012 12:01:31 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 65 time(s).
    8/2/2012 12:01:19 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 64 time(s).
    8/2/2012 12:01:05 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 63 time(s).
    8/2/2012 12:00:53 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 62 time(s).
    8/2/2012 12:00:41 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 61 time(s).
    8/2/2012 12:00:29 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 60 time(s).
    8/2/2012 12:00:18 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 59 time(s).
    8/2/2012 12:00:06 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 58 time(s).
    8/2/2012 12:00:04 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 57 time(s).
    8/2/2012 11:00:06 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 56 time(s).
    8/2/2012 10:00:08 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 55 time(s).
    8/2/2012 1:00:06 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 68 time(s).
    8/1/2012 9:45:01 PM, Error: Service Control Manager [7030] - The CA Common Scheduler Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    8/1/2012 9:13:41 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 20 time(s).
    8/1/2012 7:32:38 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 19 time(s).
    8/1/2012 10:00:08 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 21 time(s).
    7/31/2012 12:59:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000ea (0x88eb8538, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073112-19936-01.
    7/30/2012 8:24:44 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
    7/30/2012 8:24:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x883657a0, 0x8836590c, 0x83263df0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-15147-01.
    7/30/2012 8:04:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xa8685510, 0x94024e16, 0xc0000001, 0x00000003). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-19952-01.
    7/29/2012 5:48:09 PM, Error: Service Control Manager [7030] - The CAISafe service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    .
    ==== End Of File ===========================
     
  5. GeoffQ

    GeoffQ TS Rookie Topic Starter Posts: 30

    DDS:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
    Run by Geoff at 22:01:55 on 2012-08-04
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1848 [GMT -7:00]
    .
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Users\Geoff\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\taskeng.exe
    C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.7.1.5\ips\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll
    TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [<NO NAME>]
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\geoff\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\geoff\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{485C8E1E-D60C-4D24-9C13-8962D932E283} : DhcpNameServer = 209.121.225.11 209.91.107.11
    TCP: Interfaces\{62FE6EA5-669C-4D98-B6C5-B1C5349FAC28} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{62FE6EA5-669C-4D98-B6C5-B1C5349FAC28}\15579637470234F6E6E656364796F6E6 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{62FE6EA5-669C-4D98-B6C5-B1C5349FAC28}\3516E646D616E60215575637E656C6 : DhcpNameServer = 10.128.128.128
    TCP: Interfaces\{62FE6EA5-669C-4D98-B6C5-B1C5349FAC28}\3516E646D616E60215575637E656C6D2373616E6E696E676 : DhcpNameServer = 10.128.128.128
    TCP: Interfaces\{62FE6EA5-669C-4D98-B6C5-B1C5349FAC28}\4656661657C647 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{62FE6EA5-669C-4D98-B6C5-B1C5349FAC28}\D696E696E67656870756274737 : DhcpNameServer = 10.2.10.13 10.2.15.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    AppInit_DLLs: c:\progra~1\google\google~3\GO36F4~1.DLL
    mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
    mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\geoff\appdata\roaming\mozilla\firefox\profiles\2spvngjj.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login
    FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.68\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\users\geoff\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\users\geoff\appdata\roaming\mozilla\firefox\profiles\2spvngjj.default\extensions\logmeinclient@logmein.com\plugins\npLMI64.dll
    FF - plugin: c:\users\geoff\appdata\roaming\mozilla\firefox\profiles\2spvngjj.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\users\geoff\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\geoff\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1307010.005\symds.sys [2012-8-3 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1307010.005\symefa.sys [2012-8-3 905336]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-11 821920]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys [2012-8-3 132744]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-26 242240]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120803.002\IDSvix86.sys [2012-8-3 382624]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1307010.005\ironx86.sys [2012-8-3 149624]
    R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1307010.005\symnets.sys [2012-8-3 318584]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-4 655944]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.7.1.5\ccsvchst.exe [2012-8-3 138232]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2011-10-22 361000]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-3 106656]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-9-14 88192]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-9-1 42648]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-9-1 12184]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-4 22344]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-10-25 145920]
    S3 18687;18687;c:\windows\system32\drivers\18687 [2012-3-8 9072]
    S3 28169;28169;c:\windows\system32\drivers\28169 [2012-7-29 9072]
    S3 4284;4284;c:\windows\system32\drivers\4284 [2012-6-3 9072]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
    S3 ArcGIS License Manager;ArcGIS License Manager;c:\program files\arcgis\license10.1\bin\lmgrd.exe [2012-4-20 1408904]
    S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-7-13 265088]
    S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSIb.sys [2009-7-13 11904]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-13 45736]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-10-2 227896]
    S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
    S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebirdsql\bin\fbguard.exe [2009-7-22 81920]
    S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebirdsql\bin\fbserver.exe [2009-7-22 2736128]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-12-6 30192]
    S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-24 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-24 136176]
    S3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2010-12-14 20504]
    S3 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-10 113120]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\ca\PCPitstopScheduleService.exe [2011-7-13 90864]
    S3 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
    S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-14 1343400]
    S4 Agent;Agent;c:\windows\agent.exe [2012-5-25 155648]
    .
    =============== Created Last 30 ================
    .
    2012-08-04 23:45:08 -------- d-----w- c:\users\geoff\appdata\roaming\Malwarebytes
    2012-08-04 23:44:47 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-04 23:44:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-04 23:44:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-04 03:57:24 905336 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symefa.sys
    2012-08-04 03:57:24 340088 ----a-r- c:\windows\system32\drivers\nis\1307010.005\symds.sys
    2012-08-04 03:57:24 32888 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtspx.sys
    2012-08-04 03:57:24 318584 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symnets.sys
    2012-08-04 03:57:23 574072 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtsp.sys
    2012-08-04 03:57:23 149624 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ironx86.sys
    2012-08-04 03:57:23 132744 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys
    2012-08-04 03:56:44 4782 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symvtcer.dat
    2012-08-04 03:56:44 -------- d-----w- c:\windows\system32\drivers\nis\1307010.005
    2012-08-03 23:34:26 -------- d-----w- c:\program files\Diablo III
    2012-08-03 21:17:10 -------- d-----w- c:\users\geoff\appdata\roaming\FixZeroAccess
    2012-08-03 20:53:04 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-08-03 20:53:04 -------- d-----w- c:\program files\Symantec
    2012-08-03 20:53:04 -------- d-----w- c:\program files\common files\Symantec Shared
    2012-08-03 20:52:16 -------- d-----w- c:\windows\system32\drivers\NIS
    2012-08-03 20:52:13 -------- d-----w- c:\program files\Norton Internet Security
    2012-08-03 20:49:05 -------- d-----w- c:\programdata\NortonInstaller
    2012-08-03 20:49:05 -------- d-----w- c:\program files\NortonInstaller
    2012-08-03 20:13:37 -------- d-----w- c:\users\geoff\appdata\roaming\SPE
    2012-08-03 20:04:35 -------- d-----w- c:\users\geoff\appdata\local\CrashDumps
    2012-08-03 20:03:30 -------- d-----w- c:\users\geoff\appdata\local\NPE
    2012-08-03 20:03:30 -------- d-----w- c:\programdata\Norton
    2012-08-02 04:46:10 98320 ----a-w- c:\windows\system32\winsfinst.exe
    2012-08-02 04:46:10 4108304 ----a-w- c:\windows\system32\win32cpr.dll
    2012-08-02 04:46:10 2760720 ----a-w- c:\windows\system32\svcprs32.exe
    2012-08-02 04:46:10 1744912 ----a-w- c:\windows\system32\winsflt.dll
    2012-08-02 04:46:09 3207184 ----a-w- c:\windows\system32\mdmcls32.exe
    2012-08-02 04:46:09 2990096 ----a-w- c:\windows\system32\winsflte.dll
    2012-07-30 00:46:17 7440 ----a-w- c:\windows\system32\sporder.dll
    2012-07-30 00:46:09 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
    2012-07-30 00:46:09 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
    2012-07-30 00:46:09 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
    2012-07-30 00:46:09 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2012-07-30 00:46:09 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
    2012-07-30 00:46:09 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
    2012-07-30 00:46:08 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
    2012-07-30 00:46:08 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
    2012-07-30 00:43:14 -------- d-----w- c:\program files\Total Defense
    2012-07-30 00:00:06 -------- d-----w- c:\programdata\CA
    2012-07-26 22:53:45 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-07-25 01:02:49 -------- d-----w- c:\program files\DAEMON Tools Lite
    2012-07-24 19:40:00 -------- d-----w- c:\program files\GUMA92A.tmp
    2012-07-24 19:01:22 4024320 ----a-w- c:\program files\GUTF4C7.tmp
    2012-07-24 19:01:22 4024320 ----a-w- c:\program files\GUTF3DD.tmp
    2012-07-24 19:01:22 -------- d-----w- c:\program files\GUMF4C6.tmp
    2012-07-24 19:01:22 -------- d-----w- c:\program files\GUMF3CC.tmp
    2012-07-10 04:07:07 -------- d-----w- c:\programdata\FNP
    .
    ==================== Find3M ====================
    .
    2012-08-02 21:57:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-02 21:57:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-30 00:43:20 9072 ----a-w- c:\windows\system32\drivers\28169
    2012-06-03 19:50:24 9072 ----a-w- c:\windows\system32\drivers\4284
    2012-06-03 19:27:09 0 ----a-w- c:\windows\ativpsrm.bin
    2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7601 Disk: ST95005620AS rev.SD24 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: >>UNKNOWN [0x83019000]<< >>UNKNOWN [0x8BBAC000]<< >>UNKNOWN [0x8BC11000]<< >>UNKNOWN [0x8BC08000]<< >>UNKNOWN [0x8342B000]<< >>UNKNOWN [0x8B587000]<< >>UNKNOWN [0x8B52C000]<< >>UNKNOWN [0x8B5AA000]<<
    _asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
    1 ntkrnlpa!IofCallDriver[0x8305055A] -> \Device\Harddisk0\DR0[0x8680F030]
    \Driver\Disk[0x859CF098] -> IRP_MJ_CREATE -> 0x8BBB039F
    3 [0x8BBB059E] -> ntkrnlpa!IofCallDriver[0x8305055A] -> [0x8680E6D8]
    \Driver\hpdskflt[0x867BC1A0] -> IRP_MJ_CREATE -> 0x8BC09EB2
    5 [0x8BC09F92] -> ntkrnlpa!IofCallDriver[0x8305055A] -> \Device\Ide\IdeDeviceP1T0L0-2[0x86716908]
    \Driver\atapi[0x866F9DB8] -> IRP_MJ_CREATE -> 0x8B5A18CC
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 22:03:13.64 ===============
     
  6. GeoffQ

    GeoffQ TS Rookie Topic Starter Posts: 30

    To keep you fully updated on my computer status:

    -Yesterday I had to manually restore "Base Filtering Engine" with regedit so that Norton could properly function
    -windows defender is no longer working (I don't know when this started)
    -windows update is no longer working (I don't know when this started)
    -the first time I tried to boot this computer to give you the DDS logs, it bluescreened during startup and I had to use the system startup repair from my boot disc - it said it didn't find any issues, but my computer started up fine after that

    I'll have to continue with you tomorrow, as I have to get to bed for work tomorrow.

    Thanks for taking a look at it Broni!!
     
  7. GeoffQ

    GeoffQ TS Rookie Topic Starter Posts: 30

    PS - as per your instructions I will take no other action until you advise me to do so.
     
  8. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  9. GeoffQ

    GeoffQ TS Rookie Topic Starter Posts: 30

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 05-08-2012
    Ran by SYSTEM at 05-08-2012 09:53:49
    Running from F:\
    Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1021224 2007-09-14] (Synaptics, Inc.)
    HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2007-11-20] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
    HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2011-12-06] (Google)
    HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288080 2009-07-17] (Microsoft Corporation)
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKU\Geoff\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
    Winlogon\Notify\PFW:
    Winlogon\Notify\ScCertProp: wlnotify.dll [X]
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GO36F4~1.DLL
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\Geoff\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ================================ Services (Whitelisted) ==================

    4 Agent; C:\Windows\agent.exe [155648 2011-08-24] ()
    3 ArcGIS License Manager; C:\Program Files\ArcGIS\License10.1\bin\lmgrd.exe [1408904 2012-04-20] (Flexera Software, Inc.)
    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    3 FirebirdGuardianDefaultInstance; "C:\Program Files\FirebirdSQL\bin\fbguard.exe" -s DefaultInstance [81920 2009-07-22] (Firebird Project)
    3 FirebirdServerDefaultInstance; "C:\Program Files\FirebirdSQL\bin\fbserver.exe" -s DefaultInstance [2736128 2009-07-22] (Firebird Project)
    3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [1044816 2012-06-19] (Flexera Software, Inc.)
    3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2011-12-06] (Google)
    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 NIS; "C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
    3 PCPitstop Scheduling; C:\Program Files\CA\PCPitstopScheduleService.exe [90864 2010-09-29] (PC Pitstop LLC)
    3 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-07-05] (Skype Technologies S.A.)
    3 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-07-13] (Skype Technologies)

    ========================== Drivers (Whitelisted) =============

    3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146560 2007-08-28] (AuthenTec, Inc.)
    1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [821920 2012-07-11] (Symantec Corporation)
    1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1307010.005\ccSetx86.sys [132744 2011-11-29] (Symantec Corporation)
    1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-07-26] (DT Soft Ltd)
    1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-03] (Symantec Corporation)
    3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-03] (Symantec Corporation)
    3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57672 2011-07-14] (FTDI Ltd.)
    3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
    3 GTIPCI21; C:\Windows\System32\DRIVERS\gtipci21.sys [88192 2006-09-14] (Texas Instruments)
    3 HBtnKey; C:\Windows\System32\DRIVERS\cpqbttn.sys [15544 2010-02-24] (Hewlett-Packard Company)
    3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2010-12-14] (Hewlett Packard)
    1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120803.002\IDSvix86.sys [382624 2012-08-02] (Symantec Corporation)
    3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-01] (Logitech, Inc.)
    3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-01] (Logitech, Inc.)
    3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41888 2007-05-09] (Logitech Inc.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
    3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120804.009\NAVENG.SYS [87928 2012-08-03] (Symantec Corporation)
    3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120804.009\NAVEX15.SYS [1589752 2012-08-03] (Symantec Corporation)
    3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.)
    3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [14112 2007-05-09] (Logitech Inc.)
    3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [1276832 2007-05-09] (Logitech Inc.)
    1 SRTSP; C:\Windows\System32\Drivers\NIS\1307010.005\SRTSP.SYS [574072 2012-03-28] (Symantec Corporation)
    1 SRTSPX; C:\Windows\system32\drivers\NIS\1307010.005\SRTSPX.SYS [32888 2012-03-28] (Symantec Corporation)
    0 SymDS; C:\Windows\System32\drivers\NIS\1307010.005\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
    0 SymEFA; C:\Windows\System32\drivers\NIS\1307010.005\SYMEFA.SYS [905336 2012-03-28] (Symantec Corporation)
    3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-08-03] (Symantec Corporation)
    1 SymIRON; C:\Windows\system32\drivers\NIS\1307010.005\Ironx86.SYS [149624 2012-03-28] (Symantec Corporation)
    1 SymNetS; C:\Windows\System32\Drivers\NIS\1307010.005\SYMNETS.SYS [318584 2012-03-28] (Symantec Corporation)
    3 18687; C:\Windows\System32\DRIVERS\18687 [x]
    3 28169; C:\Windows\System32\DRIVERS\28169 [x]
    3 4284; C:\Windows\System32\DRIVERS\4284 [x]
    3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [x]
    3 UIUSys; C:\Windows\System32\DRIVERS\UIUSYS.SYS [x]
    3 XDva391; \??\C:\Windows\system32\XDva391.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-05 09:53 - 2012-08-05 09:53 - 00000000 ____D C:\FRST
    2012-08-04 20:56 - 2012-08-04 20:56 - 00143648 ____A C:\Windows\Minidump\080412-30310-01.dmp
    2012-08-04 19:46 - 2012-08-04 19:46 - 00000596 ____A C:\Users\Geoff\Desktop\GMER log 3.log
    2012-08-04 19:45 - 2012-08-04 19:45 - 00036866 ____A C:\Users\Geoff\Desktop\GMER Log 2.log
    2012-08-04 15:49 - 2012-08-04 15:50 - 00302592 ____A C:\Users\Geoff\Desktop\hdkj80hq.exe
    2012-08-04 15:45 - 2012-08-04 15:45 - 00000000 ____D C:\Users\Geoff\AppData\Roaming\Malwarebytes
    2012-08-04 15:44 - 2012-08-04 15:44 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-04 15:44 - 2012-08-04 15:44 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-08-04 15:44 - 2012-08-04 15:44 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-08-04 15:44 - 2012-07-03 12:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-04 15:43 - 2012-08-04 15:44 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Geoff\Desktop\mbam-setup-1.62.0.1300.exe
    2012-08-04 15:10 - 2012-08-04 15:10 - 00001502 ____A C:\Users\Geoff\Desktop\ZeroAccess!inf Scan Info.txt
    2012-08-03 15:34 - 2012-08-03 18:27 - 00000000 ____D C:\Program Files\Diablo III
    2012-08-03 15:34 - 2012-08-03 15:36 - 00001147 ____A C:\Users\Public\Desktop\Diablo III.lnk
    2012-08-03 15:27 - 2012-08-03 15:33 - 40048208 ____A (Blizzard Entertainment) C:\Users\Geoff\Downloads\Diablo-III-Setup-enUS.exe
    2012-08-03 14:24 - 2012-08-03 14:24 - 00000000 ____D C:\Users\Geoff\Documents\Windows 7 32 bit
    2012-08-03 14:08 - 2012-08-03 14:08 - 00187464 ____A (Webroot) C:\Users\Geoff\Desktop\KillZeroAccess.exe
    2012-08-03 13:35 - 2012-08-03 13:35 - 00000000 ____D C:\Users\Geoff\Documents\BFE
    2012-08-03 13:25 - 2012-08-03 14:00 - 01805736 ____A (Symantec Corporation) C:\Users\Geoff\Desktop\FixZeroAccess.exe
    2012-08-03 13:17 - 2012-08-03 13:17 - 00000000 ____D C:\Users\Geoff\AppData\Roaming\FixZeroAccess
    2012-08-03 12:53 - 2012-08-03 19:58 - 00000000 ____D C:\Program Files\Symantec
    2012-08-03 12:53 - 2012-08-03 19:57 - 00141944 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
    2012-08-03 12:53 - 2012-08-03 19:57 - 00007468 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
    2012-08-03 12:53 - 2012-08-03 13:08 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2012-08-03 12:52 - 2012-08-04 10:17 - 00002414 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
    2012-08-03 12:52 - 2012-08-04 10:17 - 00000000 ____D C:\Windows\System32\Drivers\NIS
    2012-08-03 12:52 - 2012-08-03 12:52 - 00000000 ____D C:\Program Files\Norton Internet Security
    2012-08-03 12:21 - 2012-08-03 12:19 - 00021218 ____A C:\Windows\ntbtlog.txt.bak
    2012-08-03 12:19 - 2012-08-03 12:19 - 02841104 ____A (Symantec Corporation) C:\Users\Geoff\Desktop\NPE.exe
    2012-08-03 12:14 - 2012-08-03 12:15 - 14388739 ____A C:\Users\Geoff\AppData\Roaming\SMRBackup250.dat
    2012-08-03 12:13 - 2012-08-03 12:13 - 00000000 ____D C:\Users\Geoff\AppData\Roaming\SPE
    2012-08-03 12:07 - 2012-08-03 12:07 - 00000000 ____A C:\KmxAMRT.asc
    2012-08-03 12:04 - 2012-08-03 15:33 - 00000000 ____D C:\Users\Geoff\AppData\Local\CrashDumps
    2012-08-03 12:03 - 2012-08-03 13:15 - 00000000 ____D C:\Users\Geoff\AppData\Local\NPE
    2012-08-03 12:03 - 2012-08-03 12:53 - 00000000 ____D C:\Users\All Users\Norton
    2012-08-02 12:17 - 2012-08-02 12:26 - 00000000 ____D C:\Users\Geoff\Desktop\Securities
    2012-08-02 09:30 - 2012-08-02 09:30 - 00001226 ____A C:\messages.xml
    2012-08-01 20:46 - 2012-08-01 20:46 - 01744912 ____A () C:\Windows\System32\winsflt.dll
    2012-08-01 20:46 - 2011-06-29 13:27 - 02760720 ____A () C:\Windows\System32\svcprs32.exe
    2012-08-01 20:46 - 2011-06-29 13:23 - 00098320 ____A C:\Windows\System32\winsfinst.exe
    2012-08-01 20:46 - 2011-06-29 13:22 - 04108304 ____A () C:\Windows\System32\win32cpr.dll
    2012-08-01 20:46 - 2011-06-29 13:20 - 03207184 ____A () C:\Windows\System32\mdmcls32.exe
    2012-08-01 20:46 - 2011-06-29 12:53 - 02990096 ____A (PureSight Technologies Ltd) C:\Windows\System32\winsflte.dll
    2012-07-31 07:05 - 2012-07-31 11:59 - 00143696 ____A C:\Windows\Minidump\073112-19936-01.dmp
    2012-07-30 19:24 - 2012-07-30 19:24 - 00143384 ____A C:\Windows\Minidump\073012-15147-01.dmp
    2012-07-29 16:46 - 2012-07-29 16:46 - 00000000 ____D C:\Program Files\Common Files\InstallShield
    2012-07-29 16:46 - 2002-01-01 13:02 - 00007440 ____A (Microsoft Corporation) C:\Windows\System32\sporder.dll
    2012-07-29 16:43 - 2012-07-29 16:43 - 00009072 ____A C:\Windows\System32\Drivers\28169
    2012-07-29 16:43 - 2012-07-29 16:43 - 00000000 ____D C:\Program Files\Total Defense
    2012-07-29 16:00 - 2012-08-03 13:04 - 00000000 ____D C:\Users\All Users\CA
    2012-07-29 15:44 - 2012-07-29 15:47 - 41500564 ____A (Total Defense, Inc.) C:\Users\Geoff\Desktop\issdm_td_en.exe.part
    2012-07-26 14:53 - 2012-07-26 14:53 - 00242240 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-07-26 07:28 - 2012-07-26 07:28 - 00000000 ____D C:\Users\Export\Source_Code
    2012-07-26 07:28 - 2012-07-26 07:28 - 00000000 ____D C:\users\Export
    2012-07-26 07:28 - 2011-02-01 11:07 - 00209608 ____A (Microsoft Corporation) C:\Users\Export\TABCTL32.OCX
    2012-07-26 07:28 - 2010-05-25 09:14 - 00368640 ____A (City of Portland, Bureau of Planning) C:\Users\Export\ExporttoKML.dll
    2012-07-26 07:28 - 2009-09-08 14:18 - 00001573 ____A C:\Users\Export\ExporttoKML_64bit.reg
    2012-07-26 07:28 - 2008-06-02 10:13 - 00001178 ____A C:\Users\Export\ExporttoKML_INSTALL.bat
    2012-07-26 07:28 - 2008-06-02 10:13 - 00000703 ____A C:\Users\Export\ExporttoKML_UNINSTALL.bat
    2012-07-26 07:28 - 2006-02-22 15:45 - 00001498 ____A C:\Users\Export\ExporttoKML.reg
    2012-07-24 17:02 - 2012-07-26 14:53 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
    2012-07-24 11:40 - 2012-07-24 11:40 - 00000000 ____D C:\Program Files\GUMA92A.tmp
    2012-07-24 11:01 - 2012-07-24 11:01 - 04024320 ____A C:\Program Files\GUTF4C7.tmp
    2012-07-24 11:01 - 2012-07-24 11:01 - 04024320 ____A C:\Program Files\GUTF3DD.tmp
    2012-07-24 11:01 - 2012-07-24 11:01 - 00000000 ____D C:\Program Files\GUMF4C6.tmp
    2012-07-24 11:01 - 2012-07-24 11:01 - 00000000 ____D C:\Program Files\GUMF3CC.tmp
    2012-07-09 20:07 - 2012-07-09 20:07 - 00000000 ____D C:\Users\All Users\FNP
    2012-07-09 20:05 - 2012-07-09 20:05 - 00000000 ____D C:\Users\Geoff\Documents\ArcGIS 10.1

    ============ 3 Months Modified Files ========================

    2012-08-05 08:45 - 2011-08-24 11:33 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-05 08:33 - 2011-07-14 08:46 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-168794860-1045125424-4017413192-1000UA.job
    2012-08-05 07:57 - 2012-04-12 13:16 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-05 07:14 - 2010-11-20 13:01 - 00777976 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-05 07:12 - 2009-07-13 20:34 - 00020528 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-05 07:12 - 2009-07-13 20:34 - 00020528 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-05 07:05 - 2011-08-24 11:33 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-05 07:05 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-05 07:05 - 2009-07-13 20:39 - 00061197 ____A C:\Windows\setupact.log
    2012-08-04 20:56 - 2012-08-04 20:56 - 00143648 ____A C:\Windows\Minidump\080412-30310-01.dmp
    2012-08-04 20:56 - 2011-07-23 22:35 - 317488458 ____A C:\Windows\MEMORY.DMP
    2012-08-04 20:55 - 2010-11-20 13:48 - 00217804 ____A C:\Windows\PFRO.log
    2012-08-04 19:46 - 2012-08-04 19:46 - 00000596 ____A C:\Users\Geoff\Desktop\GMER log 3.log
    2012-08-04 19:45 - 2012-08-04 19:45 - 00036866 ____A C:\Users\Geoff\Desktop\GMER Log 2.log
    2012-08-04 16:33 - 2011-07-14 08:46 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-168794860-1045125424-4017413192-1000Core.job
    2012-08-04 15:50 - 2012-08-04 15:49 - 00302592 ____A C:\Users\Geoff\Desktop\hdkj80hq.exe
    2012-08-04 15:44 - 2012-08-04 15:44 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-04 15:44 - 2012-08-04 15:43 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Geoff\Desktop\mbam-setup-1.62.0.1300.exe
    2012-08-04 15:10 - 2012-08-04 15:10 - 00001502 ____A C:\Users\Geoff\Desktop\ZeroAccess!inf Scan Info.txt
    2012-08-04 10:17 - 2012-08-03 12:52 - 00002414 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
    2012-08-03 19:57 - 2012-08-03 12:53 - 00141944 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
    2012-08-03 19:57 - 2012-08-03 12:53 - 00007468 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
    2012-08-03 15:36 - 2012-08-03 15:34 - 00001147 ____A C:\Users\Public\Desktop\Diablo III.lnk
    2012-08-03 15:33 - 2012-08-03 15:27 - 40048208 ____A (Blizzard Entertainment) C:\Users\Geoff\Downloads\Diablo-III-Setup-enUS.exe
    2012-08-03 14:08 - 2012-08-03 14:08 - 00187464 ____A (Webroot) C:\Users\Geoff\Desktop\KillZeroAccess.exe
    2012-08-03 14:00 - 2012-08-03 13:25 - 01805736 ____A (Symantec Corporation) C:\Users\Geoff\Desktop\FixZeroAccess.exe
    2012-08-03 13:29 - 2011-07-13 20:34 - 01139468 ____A C:\Windows\WindowsUpdate.log
    2012-08-03 12:50 - 2011-07-14 09:13 - 00269596 ____A C:\Windows\System32\Drivers\KmxAgent.asc
    2012-08-03 12:49 - 2011-07-13 19:05 - 00032949 ____A C:\Windows\System32\FDInstall.log
    2012-08-03 12:19 - 2012-08-03 12:21 - 00021218 ____A C:\Windows\ntbtlog.txt.bak
    2012-08-03 12:19 - 2012-08-03 12:19 - 02841104 ____A (Symantec Corporation) C:\Users\Geoff\Desktop\NPE.exe
    2012-08-03 12:15 - 2012-08-03 12:14 - 14388739 ____A C:\Users\Geoff\AppData\Roaming\SMRBackup250.dat
    2012-08-03 12:07 - 2012-08-03 12:07 - 00000000 ____A C:\KmxAMRT.asc
    2012-08-02 13:57 - 2012-04-12 13:16 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-02 13:57 - 2011-07-13 18:06 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-08-02 09:30 - 2012-08-02 09:30 - 00001226 ____A C:\messages.xml
    2012-08-02 07:28 - 2012-06-01 15:22 - 00002429 ___AC C:\Windows\System32\nrmtest.log.xml
    2012-08-01 20:46 - 2012-08-01 20:46 - 01744912 ____A () C:\Windows\System32\winsflt.dll
    2012-07-31 11:59 - 2012-07-31 07:05 - 00143696 ____A C:\Windows\Minidump\073112-19936-01.dmp
    2012-07-30 19:24 - 2012-07-30 19:24 - 00143384 ____A C:\Windows\Minidump\073012-15147-01.dmp
    2012-07-29 16:43 - 2012-07-29 16:43 - 00009072 ____A C:\Windows\System32\Drivers\28169
    2012-07-29 15:47 - 2012-07-29 15:44 - 41500564 ____A (Total Defense, Inc.) C:\Users\Geoff\Desktop\issdm_td_en.exe.part
    2012-07-26 14:53 - 2012-07-26 14:53 - 00242240 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-07-24 11:01 - 2012-07-24 11:01 - 04024320 ____A C:\Program Files\GUTF4C7.tmp
    2012-07-24 11:01 - 2012-07-24 11:01 - 04024320 ____A C:\Program Files\GUTF3DD.tmp
    2012-07-09 07:55 - 2012-06-25 16:48 - 00000079 ____A C:\Windows\omv.INI
    2012-07-03 18:01 - 2011-12-09 13:56 - 00000468 ____A C:\Windows\BRWMARK.INI
    2012-07-03 16:22 - 2012-01-18 17:56 - 00001999 ____A C:\Users\All Users\hpzinstall.log
    2012-07-03 16:21 - 2012-07-03 16:18 - 00182871 ____A C:\Windows\hpwins11.dat
    2012-07-03 16:19 - 2011-07-13 18:13 - 00012518 ____A C:\Windows\DPINST.LOG
    2012-07-03 16:17 - 2012-07-03 16:12 - 96023464 ____A C:\Users\Geoff\Desktop\OJProK8600_Basic_13.exe
    2012-07-03 15:43 - 2012-07-03 15:43 - 00065189 ____A C:\Users\Geoff\Desktop\Troubleshoot HP Installation Failure - Network.hta
    2012-07-03 15:42 - 2012-07-03 15:42 - 00000057 ____A C:\Users\All Users\Ament.ini
    2012-07-03 15:41 - 2012-07-03 15:41 - 00002176 ____A C:\Users\Public\Desktop\HP Officejet 7500 E910.lnk
    2012-07-03 15:41 - 2012-07-03 15:41 - 00001868 ____A C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 7500 E910.lnk
    2012-07-03 15:41 - 2012-07-03 15:41 - 00001159 ____A C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 7500 E910.lnk
    2012-07-03 15:41 - 2012-07-03 15:41 - 00001154 ____A C:\Users\Public\Desktop\HP Officejet 7500 E910 Scan.lnk
    2012-07-03 15:40 - 2012-07-03 15:38 - 43419000 ____A C:\Users\Geoff\Desktop\OJ7500_E910_Basic_x86_231.exe
    2012-07-03 12:46 - 2012-08-04 15:44 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-02 10:45 - 2012-07-02 10:40 - 49756040 ____A (Blue Marble Geographics) C:\Users\Geoff\Desktop\global_mapper_setup.exe
    2012-06-30 16:17 - 2012-06-30 16:17 - 00007909 ____A C:\Users\Geoff\Desktop\Data to fit.xlsx
    2012-06-25 16:47 - 2012-06-25 16:47 - 00001258 ____A C:\Users\Public\Desktop\Oasis montaj Viewer.lnk
    2012-06-25 16:01 - 2012-06-25 16:01 - 00002094 ____A C:\Users\Public\Desktop\Surfer 10 (32-bit).lnk
    2012-06-20 20:37 - 2009-07-13 20:33 - 00488168 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-19 09:35 - 2011-07-13 18:12 - 00142296 ____A C:\Users\Geoff\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-19 08:12 - 2012-06-19 08:12 - 00000011 ___RA C:\Windows\amunres.lsl
    2012-06-18 20:48 - 2012-06-18 20:48 - 00143576 ____A C:\Windows\Minidump\061812-21481-01.dmp
    2012-06-15 13:34 - 2012-06-15 13:34 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-06-13 19:59 - 2012-06-13 19:59 - 00416448 ____A C:\Windows\Minidump\061312-15974-01.dmp
    2012-06-13 19:58 - 2012-06-13 19:58 - 00000000 ____A C:\Windows\Minidump\061312-20529-01.dmp
    2012-06-09 07:36 - 2012-06-09 07:36 - 00002014 ____A C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
    2012-06-07 15:54 - 2012-06-03 10:44 - 00004530 ____A C:\Windows\pcsetup.log
    2012-06-06 15:57 - 2012-06-06 15:57 - 00000000 ____A C:\Users\Geoff\Downloads\vlc-2.0.1-win32.exe
    2012-06-06 15:48 - 2012-06-06 12:13 - 3889102848 ____A C:\Users\Geoff\Downloads\IbycusTopo32.iso
    2012-06-06 13:27 - 2012-06-06 13:27 - 00143576 ____A C:\Windows\Minidump\060612-20467-01.dmp
    2012-06-05 14:59 - 2012-06-05 14:59 - 00001250 ____A C:\Users\Public\Desktop\ZoomBrowser EX.lnk
    2012-06-05 14:59 - 2012-06-05 14:59 - 00001067 ____A C:\Users\Public\Desktop\Picture Style Editor.lnk
    2012-06-05 14:59 - 2012-06-05 14:59 - 00001037 ____A C:\Users\Public\Desktop\EOS Utility.lnk
    2012-06-05 14:58 - 2012-06-05 14:58 - 00001102 ____A C:\Users\Public\Desktop\Digital Photo Professional.lnk
    2012-06-04 15:15 - 2012-06-04 15:12 - 00000124 ____A C:\Users\Geoff\Desktop\BCeID - Mary Creek.txt
    2012-06-03 13:06 - 2012-06-03 13:04 - 07001280 ____A C:\Users\Geoff\Desktop\Backup of Hunter Porcupine Gold.wbk
    2012-06-03 12:10 - 2012-06-03 12:10 - 00000193 ____A C:\exception-failed.txt
    2012-06-03 11:50 - 2012-06-03 11:50 - 00009072 ____A C:\Windows\System32\Drivers\4284
    2012-06-03 11:47 - 2012-06-03 11:35 - 176671024 ____A (Total Defense, Inc.) C:\Users\Geoff\Downloads\issdm_td_en.exe
    2012-06-03 11:27 - 2012-06-03 11:27 - 00000000 ____A C:\Windows\ativpsrm.bin
    2012-06-03 11:13 - 2012-06-03 11:05 - 111652152 ____A (Hewlett Packard ) C:\Users\Geoff\Downloads\Legacy Video Driver (from hp).exe
    2012-06-03 08:55 - 2012-06-03 08:49 - 45241264 ____A (Advanced Micro Devices, Inc.) C:\Users\Geoff\Desktop\8-12_vista32_dd_ccc_wdm_enu_72275 (hardware heaven).exe
    2012-06-02 14:19 - 2012-06-18 14:05 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-18 14:05 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-18 14:05 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-18 14:05 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-18 14:05 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-18 14:05 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:12 - 2012-06-18 14:05 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-06-18 14:05 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:12 - 2012-06-18 14:05 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 16:48 - 2009-07-13 18:04 - 00000513 ____A C:\Windows\win.ini
    2012-05-31 14:59 - 2012-05-31 14:59 - 00000121 ____A C:\Windows\System32\msiexec.log
    2012-05-31 07:33 - 2011-11-28 14:48 - 00000763 ____A C:\Users\Geoff\AppData\Roaming\bibstats
    2012-05-29 16:56 - 2012-05-29 16:56 - 00322248 ____A C:\Windows\Minidump\052912-22900-01.dmp
    2012-05-25 12:57 - 2011-10-02 20:01 - 00000770 ____A C:\Users\Geoff\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2012-05-25 12:57 - 2011-10-02 19:54 - 00001352 ____A C:\Users\Geoff\AppData\Roaming\Rim.Desktop.Exception.log
    2012-05-25 11:37 - 2012-05-25 11:35 - 00038088 ____A C:\P1005.log
    2012-05-25 09:35 - 2012-05-25 09:35 - 00001814 ____A C:\Users\Public\Desktop\Neat.lnk
    2012-05-25 09:25 - 2012-05-25 09:25 - 00000218 ____A C:\Windows\NeatWorksUninstall.LOG
    2012-05-09 16:48 - 2012-05-09 16:48 - 00000484 ____A C:\Users\Geoff\Desktop\Resume Download of MapleStory.url


    ZeroAccess:
    C:\Windows\Installer\{51f2c320-465a-b82c-db4c-992d1544e03c}
    C:\Windows\Installer\{51f2c320-465a-b82c-db4c-992d1544e03c}\@
    C:\Windows\Installer\{51f2c320-465a-b82c-db4c-992d1544e03c}\L
    C:\Windows\Installer\{51f2c320-465a-b82c-db4c-992d1544e03c}\U
    C:\Windows\Installer\{51f2c320-465a-b82c-db4c-992d1544e03c}\U\00000001.@

    ZeroAccess:
    C:\Users\Geoff\AppData\Local\{51f2c320-465a-b82c-db4c-992d1544e03c}
    C:\Users\Geoff\AppData\Local\{51f2c320-465a-b82c-db4c-992d1544e03c}\@
    C:\Users\Geoff\AppData\Local\{51f2c320-465a-b82c-db4c-992d1544e03c}\L
    C:\Users\Geoff\AppData\Local\{51f2c320-465a-b82c-db4c-992d1544e03c}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 16%
    Total physical RAM: 3071.43 MB
    Available physical RAM: 2550.66 MB
    Total Pagefile: 3069.71 MB
    Available Pagefile: 2559.38 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1968.68 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:465.66 GB) (Free:135.22 GB) NTFS
    2 Drive e: (GSP1RMCPRFRER_EN_DVD) (CDROM) (Total:2.39 GB) (Free:0 GB) UDF
    3 Drive f: () (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 3848 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 465 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 465 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3847 MB 32 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT32 Removable 3847 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-29 16:26

    ======================= End Of Log ==========================
     
  10. GeoffQ

    GeoffQ TS Rookie Topic Starter Posts: 30

    Farbar Recovery Scan Tool Version: 05-08-2012
    Ran by SYSTEM at 2012-08-05 09:55:17
    Running from F:\

    ================== Search: "service.exe" ===================

    === End Of Search ===
     
  11. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

    Attached Files:

     
  12. GeoffQ

    GeoffQ TS Rookie Topic Starter Posts: 30

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012
    Ran by SYSTEM at 2012-08-05 11:56:45 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    18687 service deleted successfully.
    28169 service deleted successfully.
    4284 service deleted successfully.
    C:\Windows\Installer\{51f2c320-465a-b82c-db4c-992d1544e03c} moved successfully.
    C:\Users\Geoff\AppData\Local\{51f2c320-465a-b82c-db4c-992d1544e03c} moved successfully.

    ==== End of Fixlog ====
     
  13. GeoffQ

    GeoffQ TS Rookie Topic Starter Posts: 30

    ComboFix 12-08-05.02 - Geoff 08/05/2012 12:05:39.1.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1946 [GMT -7:00]
    Running from: C:\Users\Geoff\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\install.exe
    C:\Program Files\lol
    C:\Program Files\lol\LeagueOfLegends\0x0409.ini
    C:\Program Files\lol\LeagueOfLegends\data1.cab
    C:\Program Files\lol\LeagueOfLegends\data1.hdr
    C:\Program Files\lol\LeagueOfLegends\data2.cab
    C:\Program Files\lol\LeagueOfLegends\ISSetup.dll
    C:\Program Files\lol\LeagueOfLegends\layout.bin
    C:\Program Files\lol\LeagueOfLegends\setup.exe
    C:\Program Files\lol\LeagueOfLegends\setup.ini
    C:\Program Files\lol\LeagueOfLegends\setup.inx
    C:\Program Files\lol\LeagueOfLegends\setup.isn
    C:\Users\Geoff\AppData\Local\assembly\tmp
    C:\Users\Geoff\AppData\Local\assembly\tmp\2G4HICEB\__AssemblyInfo__.ini
    C:\Users\Geoff\AppData\Local\assembly\tmp\2G4HICEB\Google.Connect.Plugin.DLL
    C:\Users\Geoff\AppData\Local\assembly\tmp\3GQWI89E\__AssemblyInfo__.ini
    C:\Users\Geoff\AppData\Local\assembly\tmp\3GQWI89E\Interop.Office.DLL
    C:\Users\Geoff\AppData\Local\assembly\tmp\6Y9RUZCL\__AssemblyInfo__.ini
    C:\Users\Geoff\AppData\Local\assembly\tmp\B03ICXZO\__AssemblyInfo__.ini
    C:\Users\Geoff\AppData\Local\assembly\tmp\EIG7N6EQ\__AssemblyInfo__.ini
    C:\Users\Geoff\AppData\Local\assembly\tmp\ZJD09CGK\__AssemblyInfo__.ini
    C:\Users\Geoff\AppData\Local\Microsoft\Windows\Temporary Internet Files\{197DABC5-CECF-4467-8BF2-E91BCA98B8A3}.xps
    C:\Users\Geoff\AppData\Roaming\.#
    C:\Users\Geoff\videos\ac3filter_1_63b.exe
    C:\Users\Geoff\videos\DivXInstaller.exe
    C:\Users\Geoff\videos\GoogleEarthSetup.exe
    C:\Users\Geoff\videos\vlc-1.1.11-win32.exe


    ((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))


    2012-08-05 19:16:51 . 2012-08-05 19:16:51 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2012-08-05 17:53:32 . 2012-08-05 17:53:49 -------- d-----w- C:\FRST
    2012-08-04 23:45:08 . 2012-08-04 23:45:08 -------- d-----w- C:\Users\Geoff\AppData\Roaming\Malwarebytes
    2012-08-04 23:44:47 . 2012-08-04 23:44:47 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-04 23:44:46 . 2012-08-04 23:44:51 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2012-08-04 23:44:46 . 2012-07-03 20:46:44 22344 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2012-08-03 23:34:26 . 2012-08-04 02:27:23 -------- d-----w- C:\Program Files\Diablo III
    2012-08-03 21:17:10 . 2012-08-03 21:17:10 -------- d-----w- C:\Users\Geoff\AppData\Roaming\FixZeroAccess
    2012-08-03 20:53:04 . 2012-08-04 03:58:10 -------- d-----w- C:\Program Files\Symantec
    2012-08-03 20:53:04 . 2012-08-04 03:57:55 141944 ----a-w- C:\Windows\system32\drivers\SYMEVENT.SYS
    2012-08-03 20:53:04 . 2012-08-03 21:08:51 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2012-08-03 20:52:16 . 2012-08-04 18:17:20 -------- d-----w- C:\Windows\system32\drivers\NIS
    2012-08-03 20:52:13 . 2012-08-03 20:52:16 -------- d-----w- C:\Program Files\Norton Internet Security
    2012-08-03 20:49:05 . 2012-08-03 20:49:05 -------- d-----w- C:\Program Files\NortonInstaller
    2012-08-03 20:13:37 . 2012-08-03 20:13:37 -------- d-----w- C:\Users\Geoff\AppData\Roaming\SPE
    2012-08-03 20:04:35 . 2012-08-03 23:33:32 -------- d-----w- C:\Users\Geoff\AppData\Local\CrashDumps
    2012-08-03 20:03:30 . 2012-08-03 21:15:25 -------- d-----w- C:\Users\Geoff\AppData\Local\NPE
    2012-08-03 20:03:30 . 2012-08-03 20:53:13 -------- d-----w- C:\ProgramData\Norton
    2012-08-02 04:46:10 . 2012-08-02 04:46:10 1744912 ----a-w- C:\Windows\system32\winsflt.dll
    2012-08-02 04:46:10 . 2011-06-29 21:27:30 2760720 ----a-w- C:\Windows\system32\svcprs32.exe
    2012-08-02 04:46:10 . 2011-06-29 21:23:34 98320 ----a-w- C:\Windows\system32\winsfinst.exe
    2012-08-02 04:46:10 . 2011-06-29 21:22:18 4108304 ----a-w- C:\Windows\system32\win32cpr.dll
    2012-08-02 04:46:09 . 2011-06-29 21:20:02 3207184 ----a-w- C:\Windows\system32\mdmcls32.exe
    2012-08-02 04:46:09 . 2011-06-29 20:53:02 2990096 ----a-w- C:\Windows\system32\winsflte.dll
    2012-07-30 00:46:17 . 2002-01-01 21:02:02 7440 ----a-w- C:\Windows\system32\sporder.dll
    2012-07-30 00:46:08 . 2012-07-30 00:46:08 -------- d-----w- C:\Program Files\Common Files\InstallShield
    2012-07-30 00:43:14 . 2012-07-30 00:43:14 -------- d-----w- C:\Program Files\Total Defense
    2012-07-30 00:00:06 . 2012-08-03 21:04:22 -------- d-----w- C:\ProgramData\CA
    2012-07-26 22:53:45 . 2012-07-26 22:53:45 242240 ----a-w- C:\Windows\system32\drivers\dtsoftbus01.sys
    2012-07-26 15:28:26 . 2012-07-26 15:28:26 -------- d-----w- C:\Users\Export
    2012-07-25 01:02:49 . 2012-07-26 22:53:45 -------- d-----w- C:\Program Files\DAEMON Tools Lite
    2012-07-24 19:40:00 . 2012-07-24 19:40:01 -------- d-----w- C:\Program Files\GUMA92A.tmp
    2012-07-24 19:01:22 . 2012-07-24 19:01:22 4024320 ----a-w- C:\Program Files\GUTF4C7.tmp
    2012-07-24 19:01:22 . 2012-07-24 19:01:22 4024320 ----a-w- C:\Program Files\GUTF3DD.tmp
    2012-07-24 19:01:22 . 2012-07-24 19:01:22 -------- d-----w- C:\Program Files\GUMF4C6.tmp
    2012-07-24 19:01:22 . 2012-07-24 19:01:22 -------- d-----w- C:\Program Files\GUMF3CC.tmp
    2012-07-10 04:07:07 . 2012-07-10 04:07:07 -------- d-----w- C:\ProgramData\FNP
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2012-08-02 21:57:35 . 2012-04-12 21:16:51 426184 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
    2012-08-02 21:57:35 . 2011-07-14 02:06:49 70344 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
    2012-07-30 00:43:20 . 2012-07-30 00:43:20 9072 ----a-w- C:\Windows\system32\drivers\28169
    2012-06-03 19:50:24 . 2012-06-03 19:50:24 9072 ----a-w- C:\Windows\system32\drivers\4284
    2012-06-02 22:19:42 . 2012-06-18 22:05:03 171904 ----a-w- C:\Windows\system32\wuwebv.dll
    2012-06-02 22:19:33 . 2012-06-18 22:05:38 53784 ----a-w- C:\Windows\system32\wuauclt.exe
    2012-06-02 22:19:33 . 2012-06-18 22:05:38 45080 ----a-w- C:\Windows\system32\wups2.dll
    2012-06-02 22:19:32 . 2012-06-18 22:05:24 35864 ----a-w- C:\Windows\system32\wups.dll
    2012-06-02 22:19:23 . 2012-06-18 22:05:24 577048 ----a-w- C:\Windows\system32\wuapi.dll
    2012-06-02 22:19:17 . 2012-06-18 22:05:38 1933848 ----a-w- C:\Windows\system32\wuaueng.dll
    2012-06-02 22:12:32 . 2012-06-18 22:05:38 2422272 ----a-w- C:\Windows\system32\wucltux.dll
    2012-06-02 22:12:20 . 2012-06-18 22:05:03 33792 ----a-w- C:\Windows\system32\wuapp.exe
    2012-06-02 22:12:13 . 2012-06-18 22:05:24 88576 ----a-w- C:\Windows\system32\wudriver.dll
    2012-08-02 14:56:24 . 2011-07-14 01:58:00 136672 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
    2011-12-06 19:56:51 . 2011-12-06 19:56:52 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4
     
  14. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    I assume more is coming?
     
  15. GeoffQ

    GeoffQ TS Rookie Topic Starter Posts: 30

    That's all I got. Am I missing a log? Do you need me to run something again?
     
  16. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  17. GeoffQ

    GeoffQ TS Rookie Topic Starter Posts: 30

    14:34:47.0547 5752 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    14:34:48.0576 5752 ============================================================
    14:34:48.0576 5752 Current date / time: 2012/08/05 14:34:48.0576
    14:34:48.0576 5752 SystemInfo:
    14:34:48.0576 5752
    14:34:48.0576 5752 OS Version: 6.1.7601 ServicePack: 1.0
    14:34:48.0576 5752 Product type: Workstation
    14:34:48.0576 5752 ComputerName: OMNICRONPERSEI8
    14:34:48.0576 5752 UserName: Geoff
    14:34:48.0576 5752 Windows directory: C:\Windows
    14:34:48.0576 5752 System windows directory: C:\Windows
    14:34:48.0576 5752 Processor architecture: Intel x86
    14:34:48.0576 5752 Number of processors: 2
    14:34:48.0576 5752 Page size: 0x1000
    14:34:48.0576 5752 Boot type: Normal boot
    14:34:48.0576 5752 ============================================================
    14:34:50.0245 5752 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
    14:34:50.0245 5752 Drive \Device\Harddisk1\DR1 - Size: 0xF0800000 (3.76 Gb), SectorSize: 0x200, Cylinders: 0x1EA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    14:34:50.0245 5752 ============================================================
    14:34:50.0245 5752 \Device\Harddisk0\DR0:
    14:34:50.0245 5752 MBR partitions:
    14:34:50.0245 5752 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    14:34:50.0245 5752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
    14:34:50.0245 5752 \Device\Harddisk1\DR1:
    14:34:50.0245 5752 MBR partitions:
    14:34:50.0245 5752 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x40, BlocksNum 0x783FC0
    14:34:50.0245 5752 ============================================================
    14:34:50.0245 5752 C: <-> \Device\Harddisk0\DR0\Partition1
    14:34:50.0245 5752 ============================================================
    14:34:50.0245 5752 Initialize success
    14:34:50.0245 5752 ============================================================
    14:35:05.0003 5848 ============================================================
    14:35:05.0003 5848 Scan started
    14:35:05.0003 5848 Mode: Manual;
    14:35:05.0003 5848 ============================================================
    14:35:07.0702 5848 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\DRIVERS\1394ohci.sys
    14:35:07.0717 5848 1394ohci - ok
    14:35:07.0749 5848 Accelerometer (cc1f1d3d70dc13c2c281488d347d4415) C:\Windows\system32\DRIVERS\Accelerometer.sys
    14:35:07.0749 5848 Accelerometer - ok
    14:35:07.0795 5848 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
    14:35:07.0811 5848 ACPI - ok
    14:35:07.0827 5848 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
    14:35:07.0827 5848 AcpiPmi - ok
    14:35:07.0920 5848 ADIHdAudAddService (fb9ece3f7b8a03e474e611031ad4cd23) C:\Windows\system32\drivers\ADIHdAud.sys
    14:35:07.0920 5848 ADIHdAudAddService - ok
    14:35:07.0983 5848 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    14:35:07.0998 5848 AdobeFlashPlayerUpdateSvc - ok
    14:35:08.0061 5848 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
    14:35:08.0061 5848 adp94xx - ok
    14:35:08.0107 5848 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
    14:35:08.0123 5848 adpahci - ok
    14:35:08.0154 5848 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
    14:35:08.0154 5848 adpu320 - ok
    14:35:08.0201 5848 AEADIFilters (12d23758621b00b8d3134095ec3325fd) C:\Windows\system32\AEADISRV.EXE
    14:35:08.0201 5848 AEADIFilters - ok
    14:35:08.0217 5848 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
    14:35:08.0217 5848 AeLookupSvc - ok
    14:35:08.0279 5848 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
    14:35:08.0279 5848 AFD - ok
    14:35:08.0310 5848 Agent (b3aa46598403f63574f84880f2f2db8c) C:\Windows\agent.exe
    14:35:08.0326 5848 Agent - ok
    14:35:08.0341 5848 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
    14:35:08.0341 5848 agp440 - ok
    14:35:08.0373 5848 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
    14:35:08.0373 5848 aic78xx - ok
    14:35:08.0388 5848 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
    14:35:08.0404 5848 ALG - ok
    14:35:08.0404 5848 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
    14:35:08.0404 5848 aliide - ok
    14:35:08.0435 5848 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
    14:35:08.0435 5848 amdagp - ok
    14:35:08.0451 5848 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
    14:35:08.0451 5848 amdide - ok
    14:35:08.0482 5848 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
    14:35:08.0482 5848 AmdK8 - ok
    14:35:08.0497 5848 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
    14:35:08.0497 5848 AmdPPM - ok
    14:35:08.0529 5848 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
    14:35:08.0529 5848 amdsata - ok
    14:35:08.0560 5848 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
    14:35:08.0560 5848 amdsbs - ok
    14:35:08.0575 5848 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
    14:35:08.0575 5848 amdxata - ok
    14:35:08.0607 5848 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
    14:35:08.0607 5848 AppID - ok
    14:35:08.0622 5848 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
    14:35:08.0622 5848 AppIDSvc - ok
    14:35:08.0638 5848 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
    14:35:08.0638 5848 Appinfo - ok
    14:35:08.0700 5848 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    14:35:08.0716 5848 Apple Mobile Device - ok
    14:35:08.0747 5848 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
    14:35:08.0747 5848 AppMgmt - ok
    14:35:08.0778 5848 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
    14:35:08.0778 5848 arc - ok
    14:35:08.0887 5848 ArcGIS License Manager (9b2055f86da50e5a945f067e86d15993) C:\Program Files\ArcGIS\License10.1\bin\lmgrd.exe
    14:35:08.0919 5848 ArcGIS License Manager - ok
    14:35:09.0059 5848 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
    14:35:09.0075 5848 arcsas - ok
    14:35:09.0121 5848 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    14:35:09.0153 5848 aspnet_state - ok
    14:35:09.0184 5848 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    14:35:09.0184 5848 AsyncMac - ok
    14:35:09.0199 5848 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
    14:35:09.0199 5848 atapi - ok
    14:35:09.0277 5848 Ati External Event Utility (86acb6a60c50e99eb8e68710d5a12654) C:\Windows\system32\Ati2evxx.exe
    14:35:09.0293 5848 Ati External Event Utility - ok
    14:35:09.0340 5848 ATSWPDRV (69e65a2ce11619f0c868967ca9540b80) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
    14:35:09.0355 5848 ATSWPDRV - ok
    14:35:09.0433 5848 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
    14:35:09.0433 5848 AudioEndpointBuilder - ok
    14:35:09.0449 5848 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
    14:35:09.0465 5848 Audiosrv - ok
    14:35:09.0527 5848 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
    14:35:09.0527 5848 AxInstSV - ok
    14:35:09.0589 5848 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
    14:35:09.0605 5848 b06bdrv - ok
    14:35:09.0667 5848 b57nd60x (37c0fdc2b0c7b285910695194bf39826) C:\Windows\system32\DRIVERS\b57nd60x.sys
    14:35:09.0683 5848 b57nd60x - ok
    14:35:09.0714 5848 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
    14:35:09.0714 5848 BDESVC - ok
    14:35:09.0730 5848 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    14:35:09.0730 5848 Beep - ok
    14:35:09.0855 5848 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
    14:35:09.0870 5848 BFE - ok
    14:35:09.0995 5848 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
    14:35:10.0026 5848 BHDrvx86 - ok
    14:35:10.0182 5848 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    14:35:10.0182 5848 blbdrive - ok
    14:35:10.0260 5848 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    14:35:10.0276 5848 Bonjour Service - ok
    14:35:10.0291 5848 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
    14:35:10.0307 5848 bowser - ok
    14:35:10.0323 5848 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
    14:35:10.0323 5848 BrFiltLo - ok
    14:35:10.0338 5848 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
    14:35:10.0338 5848 BrFiltUp - ok
    14:35:10.0401 5848 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
    14:35:10.0401 5848 BridgeMP - ok
    14:35:10.0416 5848 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
    14:35:10.0416 5848 Browser - ok
    14:35:10.0463 5848 BrSerIb (08c7e41ff10f56e83b4f10b5e8b1e8b6) C:\Windows\system32\DRIVERS\BrSerIb.sys
    14:35:10.0479 5848 BrSerIb - ok
    14:35:10.0510 5848 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    14:35:10.0525 5848 Brserid - ok
    14:35:10.0557 5848 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    14:35:10.0557 5848 BrSerWdm - ok
    14:35:10.0572 5848 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    14:35:10.0572 5848 BrUsbMdm - ok
    14:35:10.0588 5848 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    14:35:10.0588 5848 BrUsbSer - ok
    14:35:10.0603 5848 BrUsbSIb (2132a117160f2a96a13c044ae9bced91) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
    14:35:10.0603 5848 BrUsbSIb - ok
    14:35:10.0635 5848 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
    14:35:10.0635 5848 BthEnum - ok
    14:35:10.0650 5848 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    14:35:10.0666 5848 BTHMODEM - ok
    14:35:10.0681 5848 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
    14:35:10.0681 5848 BthPan - ok
    14:35:10.0744 5848 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
    14:35:10.0759 5848 BTHPORT - ok
    14:35:10.0791 5848 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
    14:35:10.0791 5848 bthserv - ok
    14:35:10.0822 5848 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
    14:35:10.0822 5848 BTHUSB - ok
    14:35:10.0853 5848 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
    14:35:10.0853 5848 btusbflt - ok
    14:35:10.0884 5848 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
    14:35:10.0884 5848 btwaudio - ok
    14:35:10.0915 5848 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
    14:35:10.0915 5848 btwavdt - ok
    14:35:10.0931 5848 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
    14:35:10.0947 5848 btwrchid - ok
    14:35:11.0009 5848 catchme - ok
    14:35:11.0056 5848 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\NIS\1307010.005\ccSetx86.sys
    14:35:11.0056 5848 ccSet_NIS - ok
    14:35:11.0087 5848 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    14:35:11.0103 5848 cdfs - ok
    14:35:11.0134 5848 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
    14:35:11.0134 5848 cdrom - ok
    14:35:11.0165 5848 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
    14:35:11.0165 5848 CertPropSvc - ok
    14:35:11.0181 5848 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
    14:35:11.0181 5848 circlass - ok
    14:35:11.0227 5848 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    14:35:11.0227 5848 CLFS - ok
    14:35:11.0259 5848 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    14:35:11.0274 5848 clr_optimization_v2.0.50727_32 - ok
    14:35:11.0337 5848 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    14:35:11.0368 5848 clr_optimization_v4.0.30319_32 - ok
    14:35:11.0399 5848 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    14:35:11.0399 5848 CmBatt - ok
    14:35:11.0415 5848 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    14:35:11.0415 5848 cmdide - ok
    14:35:11.0461 5848 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
    14:35:11.0477 5848 CNG - ok
    14:35:11.0571 5848 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    14:35:11.0571 5848 Com4QLBEx - ok
    14:35:11.0602 5848 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    14:35:11.0602 5848 Compbatt - ok
    14:35:11.0633 5848 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
    14:35:11.0633 5848 CompositeBus - ok
    14:35:11.0649 5848 COMSysApp - ok
    14:35:11.0664 5848 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
    14:35:11.0664 5848 crcdisk - ok
    14:35:11.0711 5848 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
    14:35:11.0711 5848 CryptSvc - ok
    14:35:11.0773 5848 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
    14:35:11.0789 5848 CSC - ok
    14:35:11.0851 5848 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
    14:35:11.0867 5848 CscService - ok
    14:35:11.0961 5848 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
    14:35:11.0976 5848 DcomLaunch - ok
    14:35:12.0023 5848 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
    14:35:12.0023 5848 defragsvc - ok
    14:35:12.0070 5848 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
    14:35:12.0070 5848 DfsC - ok
    14:35:12.0132 5848 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
    14:35:12.0148 5848 Dhcp - ok
    14:35:12.0163 5848 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    14:35:12.0163 5848 discache - ok
    14:35:12.0195 5848 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
    14:35:12.0210 5848 Disk - ok
    14:35:12.0226 5848 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
    14:35:12.0226 5848 dmvsc - ok
    14:35:12.0257 5848 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
    14:35:12.0257 5848 Dnscache - ok
    14:35:12.0304 5848 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
    14:35:12.0319 5848 dot3svc - ok
    14:35:12.0335 5848 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
    14:35:12.0351 5848 DPS - ok
    14:35:12.0366 5848 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    14:35:12.0366 5848 drmkaud - ok
    14:35:12.0429 5848 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    14:35:12.0429 5848 dtsoftbus01 - ok
    14:35:12.0522 5848 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    14:35:12.0538 5848 DXGKrnl - ok
    14:35:12.0585 5848 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
    14:35:12.0585 5848 EapHost - ok
    14:35:12.0756 5848 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
    14:35:12.0819 5848 ebdrv - ok
    14:35:12.0897 5848 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    14:35:12.0897 5848 eeCtrl - ok
    14:35:13.0006 5848 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
    14:35:13.0021 5848 EFS - ok
    14:35:13.0068 5848 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
    14:35:13.0068 5848 ehRecvr - ok
    14:35:13.0099 5848 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
    14:35:13.0099 5848 ehSched - ok
    14:35:13.0209 5848 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
    14:35:13.0224 5848 elxstor - ok
    14:35:13.0287 5848 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    14:35:13.0302 5848 EraserUtilRebootDrv - ok
    14:35:13.0302 5848 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    14:35:13.0318 5848 ErrDev - ok
    14:35:13.0380 5848 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
    14:35:13.0380 5848 EventSystem - ok
    14:35:13.0411 5848 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    14:35:13.0427 5848 exfat - ok
    14:35:13.0458 5848 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    14:35:13.0458 5848 fastfat - ok
    14:35:13.0505 5848 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
    14:35:13.0521 5848 Fax - ok
    14:35:13.0552 5848 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
    14:35:13.0552 5848 fdc - ok
    14:35:13.0567 5848 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
    14:35:13.0567 5848 fdPHost - ok
    14:35:13.0583 5848 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
    14:35:13.0583 5848 FDResPub - ok
    14:35:13.0599 5848 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    14:35:13.0599 5848 FileInfo - ok
    14:35:13.0630 5848 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    14:35:13.0630 5848 Filetrace - ok
    14:35:13.0677 5848 FirebirdGuardianDefaultInstance (b9963c336a2bf054520dc09ce7c81476) C:\Program Files\FirebirdSQL\bin\fbguard.exe
    14:35:13.0677 5848 FirebirdGuardianDefaultInstance - ok
    14:35:13.0864 5848 FirebirdServerDefaultInstance (db8ee43c90536a07d4ba481079ae214c) C:\Program Files\FirebirdSQL\bin\fbserver.exe
    14:35:13.0911 5848 FirebirdServerDefaultInstance - ok
    14:35:14.0082 5848 FLEXnet Licensing Service (acefeea621dca62efb7a7eea59f5e91b) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    14:35:14.0113 5848 FLEXnet Licensing Service - ok
    14:35:14.0238 5848 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
    14:35:14.0238 5848 flpydisk - ok
    14:35:14.0301 5848 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    14:35:14.0301 5848 FltMgr - ok
    14:35:14.0379 5848 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
    14:35:14.0394 5848 FontCache - ok
    14:35:14.0425 5848 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    14:35:14.0441 5848 FontCache3.0.0.0 - ok
    14:35:14.0457 5848 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    14:35:14.0457 5848 FsDepends - ok
    14:35:14.0472 5848 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
    14:35:14.0472 5848 Fs_Rec - ok
    14:35:14.0503 5848 FTDIBUS (7c17235845d5ae3fb33ead47b5881521) C:\Windows\system32\drivers\ftdibus.sys
    14:35:14.0503 5848 FTDIBUS - ok
    14:35:14.0550 5848 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    14:35:14.0550 5848 fvevol - ok
    14:35:14.0581 5848 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
    14:35:14.0581 5848 gagp30kx - ok
    14:35:14.0597 5848 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    14:35:14.0597 5848 GEARAspiWDM - ok
    14:35:14.0644 5848 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    14:35:14.0644 5848 GoogleDesktopManager-051210-111108 - ok
    14:35:14.0722 5848 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
    14:35:14.0737 5848 gpsvc - ok
    14:35:14.0769 5848 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys
    14:35:14.0769 5848 grmnusb - ok
    14:35:14.0800 5848 GTIPCI21 (f3c9f09aa3eda29a1c841877e7e39158) C:\Windows\system32\DRIVERS\gtipci21.sys
    14:35:14.0800 5848 GTIPCI21 - ok
    14:35:14.0847 5848 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    14:35:14.0847 5848 gupdate - ok
    14:35:14.0847 5848 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    14:35:14.0862 5848 gupdatem - ok
    14:35:14.0925 5848 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    14:35:14.0925 5848 gusvc - ok
    14:35:14.0940 5848 HBtnKey (c172f0d0329e46513b09e1fc60a27b9d) C:\Windows\system32\DRIVERS\cpqbttn.sys
    14:35:14.0940 5848 HBtnKey - ok
    14:35:14.0971 5848 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    14:35:14.0971 5848 hcw85cir - ok
    14:35:15.0018 5848 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
    14:35:15.0034 5848 HdAudAddService - ok
    14:35:15.0065 5848 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
    14:35:15.0081 5848 HDAudBus - ok
    14:35:15.0096 5848 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
    14:35:15.0096 5848 HidBatt - ok
    14:35:15.0112 5848 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
    14:35:15.0112 5848 HidBth - ok
    14:35:15.0143 5848 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
    14:35:15.0143 5848 HidIr - ok
    14:35:15.0159 5848 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
    14:35:15.0159 5848 hidserv - ok
    14:35:15.0190 5848 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
    14:35:15.0190 5848 HidUsb - ok
    14:35:15.0221 5848 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
    14:35:15.0221 5848 hkmsvc - ok
    14:35:15.0252 5848 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
    14:35:15.0268 5848 HomeGroupListener - ok
    14:35:15.0299 5848 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
    14:35:15.0299 5848 HomeGroupProvider - ok
    14:35:15.0377 5848 HP LaserJet Service (d1e9cb573a9edf7be12e9c57f32e97f7) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
    14:35:15.0377 5848 HP LaserJet Service - ok
    14:35:15.0393 5848 hpdskflt (4ef10b866c62abbeaf7511cdd05a19be) C:\Windows\system32\DRIVERS\hpdskflt.sys
    14:35:15.0393 5848 hpdskflt - ok
    14:35:15.0439 5848 HPFXBULKLEDM (6f98a555acf3c1b68fcc1f50e0fd2091) C:\Windows\system32\drivers\hppcbulkio.sys
    14:35:15.0439 5848 HPFXBULKLEDM - ok
    14:35:15.0486 5848 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    14:35:15.0502 5848 hpqcxs08 - ok
    14:35:15.0533 5848 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    14:35:15.0549 5848 hpqddsvc - ok
    14:35:15.0564 5848 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    14:35:15.0564 5848 HpqKbFiltr - ok
    14:35:15.0611 5848 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    14:35:15.0611 5848 hpqwmiex - ok
    14:35:15.0642 5848 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    14:35:15.0642 5848 HpSAMD - ok
    14:35:15.0705 5848 HPSLPSVC (a04f4ac48895774a2cf9d1c9eaaacef0) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
    14:35:15.0736 5848 HPSLPSVC - ok
    14:35:15.0751 5848 hpsrv (c0beb56ed79b59b7b33d0aa6c38a0ba6) C:\Windows\system32\Hpservice.exe
    14:35:15.0751 5848 hpsrv - ok
    14:35:15.0845 5848 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    14:35:15.0876 5848 HSF_DPV - ok
    14:35:15.0907 5848 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    14:35:15.0907 5848 HSXHWAZL - ok
    14:35:15.0985 5848 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    14:35:16.0001 5848 HTTP - ok
    14:35:16.0017 5848 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    14:35:16.0017 5848 hwpolicy - ok
    14:35:16.0048 5848 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    14:35:16.0063 5848 i8042prt - ok
    14:35:16.0141 5848 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
    14:35:16.0141 5848 iaStorV - ok
    14:35:16.0235 5848 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    14:35:16.0251 5848 idsvc - ok
    14:35:16.0375 5848 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120803.002\IDSvix86.sys
    14:35:16.0391 5848 IDSVix86 - ok
    14:35:16.0531 5848 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
    14:35:16.0531 5848 iirsp - ok
    14:35:16.0609 5848 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
    14:35:16.0625 5848 IKEEXT - ok
    14:35:16.0641 5848 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    14:35:16.0656 5848 intelide - ok
    14:35:16.0672 5848 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    14:35:16.0687 5848 intelppm - ok
    14:35:16.0703 5848 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
    14:35:16.0703 5848 IPBusEnum - ok
    14:35:16.0734 5848 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    14:35:16.0734 5848 IpFilterDriver - ok
    14:35:16.0843 5848 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
    14:35:16.0843 5848 iphlpsvc - ok
    14:35:16.0875 5848 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    14:35:16.0875 5848 IPMIDRV - ok
    14:35:16.0890 5848 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    14:35:16.0906 5848 IPNAT - ok
    14:35:16.0984 5848 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
    14:35:16.0999 5848 iPod Service - ok
    14:35:17.0031 5848 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    14:35:17.0031 5848 IRENUM - ok
    14:35:17.0046 5848 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    14:35:17.0062 5848 isapnp - ok
    14:35:17.0093 5848 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    14:35:17.0093 5848 iScsiPrt - ok
    14:35:17.0124 5848 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    14:35:17.0124 5848 kbdclass - ok
    14:35:17.0140 5848 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
    14:35:17.0155 5848 kbdhid - ok
    14:35:17.0171 5848 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    14:35:17.0171 5848 KeyIso - ok
    14:35:17.0187 5848 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
    14:35:17.0202 5848 KSecDD - ok
    14:35:17.0218 5848 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
    14:35:17.0233 5848 KSecPkg - ok
    14:35:17.0265 5848 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
    14:35:17.0280 5848 KtmRm - ok
    14:35:17.0311 5848 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
    14:35:17.0327 5848 LanmanServer - ok
    14:35:17.0343 5848 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
    14:35:17.0358 5848 LanmanWorkstation - ok
    14:35:17.0436 5848 LBTServ (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    14:35:17.0452 5848 LBTServ - ok
    14:35:17.0499 5848 LEqdUsb (717e6714bca808f2a372e636aff3d15a) C:\Windows\system32\Drivers\LEqdUsb.Sys
    14:35:17.0499 5848 LEqdUsb - ok
    14:35:17.0514 5848 LHidEqd (2786f7b4003adff88ce28bc1800b5407) C:\Windows\system32\Drivers\LHidEqd.Sys
    14:35:17.0514 5848 LHidEqd - ok
    14:35:17.0530 5848 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    14:35:17.0530 5848 LHidFilt - ok
    14:35:17.0561 5848 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    14:35:17.0577 5848 lltdio - ok
    14:35:17.0623 5848 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
    14:35:17.0623 5848 lltdsvc - ok
    14:35:17.0639 5848 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
    14:35:17.0639 5848 lmhosts - ok
    14:35:17.0655 5848 lmimirr - ok
    14:35:17.0670 5848 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    14:35:17.0686 5848 LMouFilt - ok
    14:35:17.0733 5848 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
    14:35:17.0733 5848 LSI_FC - ok
    14:35:17.0748 5848 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
    14:35:17.0764 5848 LSI_SAS - ok
    14:35:17.0779 5848 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
    14:35:17.0779 5848 LSI_SAS2 - ok
    14:35:17.0811 5848 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
    14:35:17.0811 5848 LSI_SCSI - ok
    14:35:17.0826 5848 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    14:35:17.0842 5848 luafv - ok
    14:35:17.0873 5848 LVUSBSta (9e9306063ecd8aa91b3fb76678d3cee2) C:\Windows\system32\drivers\LVUSBSta.sys
    14:35:17.0873 5848 LVUSBSta - ok
    14:35:17.0920 5848 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
    14:35:17.0920 5848 MBAMProtector - ok
    14:35:18.0029 5848 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    14:35:18.0045 5848 MBAMService - ok
    14:35:18.0076 5848 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
    14:35:18.0076 5848 Mcx2Svc - ok
    14:35:18.0091 5848 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    14:35:18.0091 5848 mdmxsdk - ok
    14:35:18.0107 5848 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
    14:35:18.0123 5848 megasas - ok
    14:35:18.0169 5848 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
    14:35:18.0185 5848 MegaSR - ok
    14:35:18.0201 5848 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    14:35:18.0201 5848 MMCSS - ok
    14:35:18.0216 5848 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    14:35:18.0216 5848 Modem - ok
    14:35:18.0232 5848 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    14:35:18.0247 5848 monitor - ok
    14:35:18.0263 5848 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    14:35:18.0279 5848 mouclass - ok
    14:35:18.0294 5848 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    14:35:18.0294 5848 mouhid - ok
    14:35:18.0310 5848 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    14:35:18.0310 5848 mountmgr - ok
    14:35:18.0357 5848 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    14:35:18.0372 5848 MozillaMaintenance - ok
    14:35:18.0388 5848 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    14:35:18.0388 5848 mpio - ok
    14:35:18.0419 5848 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    14:35:18.0419 5848 mpsdrv - ok
    14:35:18.0544 5848 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
    14:35:18.0559 5848 MpsSvc - ok
    14:35:18.0575 5848 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    14:35:18.0575 5848 MRxDAV - ok
    14:35:18.0622 5848 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
    14:35:18.0622 5848 mrxsmb - ok
    14:35:18.0684 5848 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    14:35:18.0684 5848 mrxsmb10 - ok
    14:35:18.0715 5848 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    14:35:18.0715 5848 mrxsmb20 - ok
    14:35:18.0731 5848 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    14:35:18.0731 5848 msahci - ok
    14:35:18.0778 5848 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    14:35:18.0778 5848 msdsm - ok
    14:35:18.0825 5848 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
    14:35:18.0825 5848 MSDTC - ok
    14:35:18.0871 5848 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    14:35:18.0871 5848 Msfs - ok
    14:35:18.0887 5848 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    14:35:18.0887 5848 mshidkmdf - ok
    14:35:18.0903 5848 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    14:35:18.0903 5848 msisadrv - ok
    14:35:18.0918 5848 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
    14:35:18.0934 5848 MSiSCSI - ok
    14:35:18.0934 5848 msiserver - ok
    14:35:18.0965 5848 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    14:35:18.0965 5848 MSKSSRV - ok
    14:35:18.0981 5848 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    14:35:18.0996 5848 MSPCLOCK - ok
     
  18. GeoffQ

    GeoffQ TS Rookie Topic Starter Posts: 30

    Sorry, my computer shut down for no reason in the middle of me posting the results, and then had trouble re-starting. Might be an overheating problem with this laptop though, and not virus related...

    I'm going to run the program again and repost the results. Ignore the previous post (it found nothing anyways).
     
  19. GeoffQ

    GeoffQ TS Rookie Topic Starter Posts: 30

    15:16:34.0445 4160 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    15:16:34.0523 4160 ============================================================
    15:16:34.0523 4160 Current date / time: 2012/08/05 15:16:34.0523
    15:16:34.0523 4160 SystemInfo:
    15:16:34.0523 4160
    15:16:34.0523 4160 OS Version: 6.1.7601 ServicePack: 1.0
    15:16:34.0523 4160 Product type: Workstation
    15:16:34.0523 4160 ComputerName: OMNICRONPERSEI8
    15:16:34.0523 4160 UserName: Geoff
    15:16:34.0523 4160 Windows directory: C:\Windows
    15:16:34.0523 4160 System windows directory: C:\Windows
    15:16:34.0523 4160 Processor architecture: Intel x86
    15:16:34.0523 4160 Number of processors: 2
    15:16:34.0523 4160 Page size: 0x1000
    15:16:34.0523 4160 Boot type: Normal boot
    15:16:34.0523 4160 ============================================================
    15:16:36.0216 4160 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
    15:16:36.0216 4160 ============================================================
    15:16:36.0216 4160 \Device\Harddisk0\DR0:
    15:16:36.0216 4160 MBR partitions:
    15:16:36.0216 4160 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    15:16:36.0216 4160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
    15:16:36.0216 4160 ============================================================
    15:16:36.0232 4160 C: <-> \Device\Harddisk0\DR0\Partition1
    15:16:36.0232 4160 ============================================================
    15:16:36.0232 4160 Initialize success
    15:16:36.0232 4160 ============================================================
    15:16:38.0151 2652 ============================================================
    15:16:38.0151 2652 Scan started
    15:16:38.0151 2652 Mode: Manual;
    15:16:38.0151 2652 ============================================================
    15:16:39.0399 2652 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\DRIVERS\1394ohci.sys
    15:16:39.0399 2652 1394ohci - ok
    15:16:39.0430 2652 Accelerometer (cc1f1d3d70dc13c2c281488d347d4415) C:\Windows\system32\DRIVERS\Accelerometer.sys
    15:16:39.0430 2652 Accelerometer - ok
    15:16:39.0461 2652 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
    15:16:39.0477 2652 ACPI - ok
    15:16:39.0477 2652 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
    15:16:39.0492 2652 AcpiPmi - ok
    15:16:39.0539 2652 ADIHdAudAddService (fb9ece3f7b8a03e474e611031ad4cd23) C:\Windows\system32\drivers\ADIHdAud.sys
    15:16:39.0555 2652 ADIHdAudAddService - ok
    15:16:39.0601 2652 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    15:16:39.0601 2652 AdobeFlashPlayerUpdateSvc - ok
    15:16:39.0664 2652 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
    15:16:39.0679 2652 adp94xx - ok
    15:16:39.0711 2652 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
    15:16:39.0711 2652 adpahci - ok
    15:16:39.0742 2652 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
    15:16:39.0757 2652 adpu320 - ok
    15:16:39.0773 2652 AEADIFilters (12d23758621b00b8d3134095ec3325fd) C:\Windows\system32\AEADISRV.EXE
    15:16:39.0773 2652 AEADIFilters - ok
    15:16:39.0804 2652 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
    15:16:39.0804 2652 AeLookupSvc - ok
    15:16:39.0867 2652 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
    15:16:39.0867 2652 AFD - ok
    15:16:39.0882 2652 Agent (b3aa46598403f63574f84880f2f2db8c) C:\Windows\agent.exe
    15:16:39.0898 2652 Agent - ok
    15:16:39.0913 2652 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
    15:16:39.0913 2652 agp440 - ok
    15:16:39.0929 2652 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
    15:16:39.0945 2652 aic78xx - ok
    15:16:39.0960 2652 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
    15:16:39.0976 2652 ALG - ok
    15:16:39.0991 2652 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
    15:16:39.0991 2652 aliide - ok
    15:16:40.0023 2652 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
    15:16:40.0023 2652 amdagp - ok
    15:16:40.0038 2652 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
    15:16:40.0038 2652 amdide - ok
    15:16:40.0054 2652 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
    15:16:40.0054 2652 AmdK8 - ok
    15:16:40.0069 2652 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
    15:16:40.0085 2652 AmdPPM - ok
    15:16:40.0116 2652 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
    15:16:40.0132 2652 amdsata - ok
    15:16:40.0163 2652 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
    15:16:40.0163 2652 amdsbs - ok
    15:16:40.0179 2652 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
    15:16:40.0179 2652 amdxata - ok
    15:16:40.0194 2652 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
    15:16:40.0194 2652 AppID - ok
    15:16:40.0210 2652 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
    15:16:40.0210 2652 AppIDSvc - ok
    15:16:40.0225 2652 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
    15:16:40.0241 2652 Appinfo - ok
    15:16:40.0257 2652 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    15:16:40.0257 2652 Apple Mobile Device - ok
    15:16:40.0303 2652 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
    15:16:40.0303 2652 AppMgmt - ok
    15:16:40.0319 2652 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
    15:16:40.0319 2652 arc - ok
    15:16:40.0428 2652 ArcGIS License Manager (9b2055f86da50e5a945f067e86d15993) C:\Program Files\ArcGIS\License10.1\bin\lmgrd.exe
    15:16:40.0459 2652 ArcGIS License Manager - ok
    15:16:40.0600 2652 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
    15:16:40.0600 2652 arcsas - ok
    15:16:40.0647 2652 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    15:16:40.0662 2652 aspnet_state - ok
    15:16:40.0678 2652 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    15:16:40.0678 2652 AsyncMac - ok
    15:16:40.0693 2652 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
    15:16:40.0693 2652 atapi - ok
    15:16:40.0771 2652 Ati External Event Utility (86acb6a60c50e99eb8e68710d5a12654) C:\Windows\system32\Ati2evxx.exe
    15:16:40.0787 2652 Ati External Event Utility - ok
    15:16:40.0834 2652 ATSWPDRV (69e65a2ce11619f0c868967ca9540b80) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
    15:16:40.0834 2652 ATSWPDRV - ok
    15:16:40.0896 2652 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
    15:16:40.0912 2652 AudioEndpointBuilder - ok
    15:16:40.0927 2652 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
    15:16:40.0927 2652 Audiosrv - ok
    15:16:40.0943 2652 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
    15:16:40.0959 2652 AxInstSV - ok
    15:16:40.0990 2652 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
    15:16:41.0005 2652 b06bdrv - ok
    15:16:41.0052 2652 b57nd60x (37c0fdc2b0c7b285910695194bf39826) C:\Windows\system32\DRIVERS\b57nd60x.sys
    15:16:41.0068 2652 b57nd60x - ok
    15:16:41.0115 2652 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
    15:16:41.0115 2652 BDESVC - ok
    15:16:41.0130 2652 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    15:16:41.0130 2652 Beep - ok
    15:16:41.0224 2652 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
    15:16:41.0239 2652 BFE - ok
    15:16:41.0395 2652 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
    15:16:41.0427 2652 BHDrvx86 - ok
    15:16:41.0583 2652 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    15:16:41.0583 2652 blbdrive - ok
    15:16:41.0645 2652 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    15:16:41.0661 2652 Bonjour Service - ok
    15:16:41.0676 2652 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
    15:16:41.0676 2652 bowser - ok
    15:16:41.0692 2652 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
    15:16:41.0692 2652 BrFiltLo - ok
    15:16:41.0707 2652 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
    15:16:41.0707 2652 BrFiltUp - ok
    15:16:41.0739 2652 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
    15:16:41.0739 2652 BridgeMP - ok
    15:16:41.0770 2652 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
    15:16:41.0770 2652 Browser - ok
    15:16:41.0832 2652 BrSerIb (08c7e41ff10f56e83b4f10b5e8b1e8b6) C:\Windows\system32\DRIVERS\BrSerIb.sys
    15:16:41.0848 2652 BrSerIb - ok
    15:16:41.0879 2652 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    15:16:41.0879 2652 Brserid - ok
    15:16:41.0895 2652 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    15:16:41.0910 2652 BrSerWdm - ok
    15:16:41.0910 2652 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    15:16:41.0926 2652 BrUsbMdm - ok
    15:16:41.0926 2652 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    15:16:41.0926 2652 BrUsbSer - ok
    15:16:41.0941 2652 BrUsbSIb (2132a117160f2a96a13c044ae9bced91) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
    15:16:41.0941 2652 BrUsbSIb - ok
    15:16:41.0973 2652 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
    15:16:41.0988 2652 BthEnum - ok
    15:16:42.0004 2652 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    15:16:42.0004 2652 BTHMODEM - ok
    15:16:42.0019 2652 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
    15:16:42.0019 2652 BthPan - ok
    15:16:42.0082 2652 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
    15:16:42.0097 2652 BTHPORT - ok
    15:16:42.0129 2652 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
    15:16:42.0129 2652 bthserv - ok
    15:16:42.0144 2652 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
    15:16:42.0144 2652 BTHUSB - ok
    15:16:42.0175 2652 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
    15:16:42.0175 2652 btusbflt - ok
    15:16:42.0191 2652 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
    15:16:42.0191 2652 btwaudio - ok
    15:16:42.0222 2652 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
    15:16:42.0222 2652 btwavdt - ok
    15:16:42.0253 2652 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
    15:16:42.0253 2652 btwrchid - ok
    15:16:42.0300 2652 catchme - ok
    15:16:42.0331 2652 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\NIS\1307010.005\ccSetx86.sys
    15:16:42.0331 2652 ccSet_NIS - ok
    15:16:42.0363 2652 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    15:16:42.0363 2652 cdfs - ok
    15:16:42.0409 2652 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
    15:16:42.0409 2652 cdrom - ok
    15:16:42.0441 2652 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
    15:16:42.0441 2652 CertPropSvc - ok
    15:16:42.0473 2652 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
    15:16:42.0473 2652 circlass - ok
    15:16:42.0504 2652 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    15:16:42.0520 2652 CLFS - ok
    15:16:42.0551 2652 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    15:16:42.0551 2652 clr_optimization_v2.0.50727_32 - ok
    15:16:42.0660 2652 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    15:16:42.0676 2652 clr_optimization_v4.0.30319_32 - ok
    15:16:42.0691 2652 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    15:16:42.0691 2652 CmBatt - ok
    15:16:42.0722 2652 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    15:16:42.0722 2652 cmdide - ok
    15:16:42.0785 2652 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
    15:16:42.0785 2652 CNG - ok
    15:16:42.0878 2652 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    15:16:42.0894 2652 Com4QLBEx - ok
    15:16:42.0910 2652 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    15:16:42.0910 2652 Compbatt - ok
    15:16:42.0941 2652 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
    15:16:42.0941 2652 CompositeBus - ok
    15:16:42.0956 2652 COMSysApp - ok
    15:16:42.0972 2652 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
    15:16:42.0972 2652 crcdisk - ok
    15:16:43.0003 2652 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
    15:16:43.0019 2652 CryptSvc - ok
    15:16:43.0066 2652 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
    15:16:43.0081 2652 CSC - ok
    15:16:43.0112 2652 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
    15:16:43.0128 2652 CscService - ok
    15:16:43.0159 2652 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
    15:16:43.0175 2652 DcomLaunch - ok
    15:16:43.0206 2652 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
    15:16:43.0206 2652 defragsvc - ok
    15:16:43.0253 2652 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
    15:16:43.0253 2652 DfsC - ok
    15:16:43.0300 2652 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
    15:16:43.0300 2652 Dhcp - ok
    15:16:43.0315 2652 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    15:16:43.0315 2652 discache - ok
    15:16:43.0331 2652 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
    15:16:43.0331 2652 Disk - ok
    15:16:43.0346 2652 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
    15:16:43.0346 2652 dmvsc - ok
    15:16:43.0362 2652 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
    15:16:43.0378 2652 Dnscache - ok
    15:16:43.0409 2652 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
    15:16:43.0409 2652 dot3svc - ok
    15:16:43.0424 2652 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
    15:16:43.0440 2652 DPS - ok
    15:16:43.0456 2652 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    15:16:43.0456 2652 drmkaud - ok
    15:16:43.0502 2652 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    15:16:43.0502 2652 dtsoftbus01 - ok
    15:16:43.0596 2652 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    15:16:43.0627 2652 DXGKrnl - ok
    15:16:43.0643 2652 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
    15:16:43.0643 2652 EapHost - ok
    15:16:43.0814 2652 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
    15:16:43.0861 2652 ebdrv - ok
    15:16:43.0939 2652 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    15:16:43.0955 2652 eeCtrl - ok
    15:16:44.0064 2652 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
    15:16:44.0064 2652 EFS - ok
    15:16:44.0251 2652 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
    15:16:44.0282 2652 ehRecvr - ok
    15:16:44.0298 2652 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
    15:16:44.0298 2652 ehSched - ok
    15:16:44.0392 2652 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
    15:16:44.0407 2652 elxstor - ok
    15:16:44.0438 2652 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    15:16:44.0454 2652 EraserUtilRebootDrv - ok
    15:16:44.0454 2652 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    15:16:44.0470 2652 ErrDev - ok
    15:16:44.0516 2652 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
    15:16:44.0516 2652 EventSystem - ok
    15:16:44.0548 2652 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    15:16:44.0548 2652 exfat - ok
    15:16:44.0594 2652 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    15:16:44.0610 2652 fastfat - ok
    15:16:44.0641 2652 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
    15:16:44.0672 2652 Fax - ok
    15:16:44.0672 2652 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
    15:16:44.0688 2652 fdc - ok
    15:16:44.0688 2652 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
    15:16:44.0688 2652 fdPHost - ok
    15:16:44.0704 2652 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
    15:16:44.0704 2652 FDResPub - ok
    15:16:44.0719 2652 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    15:16:44.0719 2652 FileInfo - ok
    15:16:44.0735 2652 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    15:16:44.0735 2652 Filetrace - ok
    15:16:44.0782 2652 FirebirdGuardianDefaultInstance (b9963c336a2bf054520dc09ce7c81476) C:\Program Files\FirebirdSQL\bin\fbguard.exe
    15:16:44.0797 2652 FirebirdGuardianDefaultInstance - ok
    15:16:44.0938 2652 FirebirdServerDefaultInstance (db8ee43c90536a07d4ba481079ae214c) C:\Program Files\FirebirdSQL\bin\fbserver.exe
    15:16:44.0984 2652 FirebirdServerDefaultInstance - ok
    15:16:45.0156 2652 FLEXnet Licensing Service (acefeea621dca62efb7a7eea59f5e91b) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    15:16:45.0187 2652 FLEXnet Licensing Service - ok
    15:16:45.0312 2652 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
    15:16:45.0312 2652 flpydisk - ok
    15:16:45.0343 2652 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    15:16:45.0343 2652 FltMgr - ok
    15:16:45.0421 2652 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
    15:16:45.0437 2652 FontCache - ok
    15:16:45.0468 2652 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    15:16:45.0468 2652 FontCache3.0.0.0 - ok
    15:16:45.0484 2652 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    15:16:45.0484 2652 FsDepends - ok
    15:16:45.0499 2652 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
    15:16:45.0499 2652 Fs_Rec - ok
    15:16:45.0530 2652 FTDIBUS (7c17235845d5ae3fb33ead47b5881521) C:\Windows\system32\drivers\ftdibus.sys
    15:16:45.0530 2652 FTDIBUS - ok
    15:16:45.0577 2652 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    15:16:45.0577 2652 fvevol - ok
    15:16:45.0593 2652 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
    15:16:45.0608 2652 gagp30kx - ok
    15:16:45.0624 2652 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    15:16:45.0624 2652 GEARAspiWDM - ok
    15:16:45.0655 2652 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    15:16:45.0655 2652 GoogleDesktopManager-051210-111108 - ok
    15:16:45.0718 2652 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
    15:16:45.0733 2652 gpsvc - ok
    15:16:45.0749 2652 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys
    15:16:45.0764 2652 grmnusb - ok
    15:16:45.0780 2652 GTIPCI21 (f3c9f09aa3eda29a1c841877e7e39158) C:\Windows\system32\DRIVERS\gtipci21.sys
    15:16:45.0780 2652 GTIPCI21 - ok
    15:16:45.0811 2652 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    15:16:45.0827 2652 gupdate - ok
    15:16:45.0827 2652 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    15:16:45.0842 2652 gupdatem - ok
    15:16:45.0858 2652 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    15:16:45.0874 2652 gusvc - ok
    15:16:45.0889 2652 HBtnKey (c172f0d0329e46513b09e1fc60a27b9d) C:\Windows\system32\DRIVERS\cpqbttn.sys
    15:16:45.0889 2652 HBtnKey - ok
    15:16:45.0905 2652 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    15:16:45.0905 2652 hcw85cir - ok
    15:16:45.0952 2652 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
    15:16:45.0952 2652 HdAudAddService - ok
    15:16:45.0983 2652 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
    15:16:45.0983 2652 HDAudBus - ok
    15:16:45.0998 2652 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
    15:16:45.0998 2652 HidBatt - ok
    15:16:46.0030 2652 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
    15:16:46.0030 2652 HidBth - ok
    15:16:46.0045 2652 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
    15:16:46.0061 2652 HidIr - ok
    15:16:46.0076 2652 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
    15:16:46.0076 2652 hidserv - ok
    15:16:46.0092 2652 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
    15:16:46.0108 2652 HidUsb - ok
    15:16:46.0123 2652 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
    15:16:46.0123 2652 hkmsvc - ok
    15:16:46.0154 2652 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
    15:16:46.0170 2652 HomeGroupListener - ok
    15:16:46.0186 2652 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
    15:16:46.0201 2652 HomeGroupProvider - ok
    15:16:46.0248 2652 HP LaserJet Service (d1e9cb573a9edf7be12e9c57f32e97f7) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
    15:16:46.0248 2652 HP LaserJet Service - ok
    15:16:46.0264 2652 hpdskflt (4ef10b866c62abbeaf7511cdd05a19be) C:\Windows\system32\DRIVERS\hpdskflt.sys
    15:16:46.0264 2652 hpdskflt - ok
    15:16:46.0279 2652 HPFXBULKLEDM (6f98a555acf3c1b68fcc1f50e0fd2091) C:\Windows\system32\drivers\hppcbulkio.sys
    15:16:46.0279 2652 HPFXBULKLEDM - ok
    15:16:46.0342 2652 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    15:16:46.0357 2652 hpqcxs08 - ok
    15:16:46.0373 2652 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    15:16:46.0388 2652 hpqddsvc - ok
    15:16:46.0404 2652 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    15:16:46.0420 2652 HpqKbFiltr - ok
    15:16:46.0451 2652 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    15:16:46.0451 2652 hpqwmiex - ok
    15:16:46.0482 2652 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    15:16:46.0482 2652 HpSAMD - ok
    15:16:46.0560 2652 HPSLPSVC (a04f4ac48895774a2cf9d1c9eaaacef0) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
    15:16:46.0591 2652 HPSLPSVC - ok
    15:16:46.0607 2652 hpsrv (c0beb56ed79b59b7b33d0aa6c38a0ba6) C:\Windows\system32\Hpservice.exe
    15:16:46.0607 2652 hpsrv - ok
    15:16:46.0669 2652 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    15:16:46.0700 2652 HSF_DPV - ok
    15:16:46.0747 2652 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    15:16:46.0763 2652 HSXHWAZL - ok
    15:16:46.0934 2652 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    15:16:46.0966 2652 HTTP - ok
    15:16:46.0981 2652 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    15:16:46.0981 2652 hwpolicy - ok
    15:16:47.0012 2652 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    15:16:47.0012 2652 i8042prt - ok
    15:16:47.0075 2652 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
    15:16:47.0090 2652 iaStorV - ok
    15:16:47.0153 2652 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    15:16:47.0184 2652 idsvc - ok
    15:16:47.0309 2652 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120803.002\IDSvix86.sys
    15:16:47.0309 2652 IDSVix86 - ok
    15:16:47.0449 2652 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
    15:16:47.0449 2652 iirsp - ok
    15:16:47.0512 2652 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
    15:16:47.0543 2652 IKEEXT - ok
    15:16:47.0558 2652 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    15:16:47.0558 2652 intelide - ok
    15:16:47.0590 2652 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    15:16:47.0590 2652 intelppm - ok
    15:16:47.0605 2652 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
    15:16:47.0605 2652 IPBusEnum - ok
    15:16:47.0636 2652 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    15:16:47.0636 2652 IpFilterDriver - ok
    15:16:47.0714 2652 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
    15:16:47.0730 2652 iphlpsvc - ok
    15:16:47.0746 2652 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    15:16:47.0746 2652 IPMIDRV - ok
    15:16:47.0777 2652 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    15:16:47.0792 2652 IPNAT - ok
    15:16:47.0855 2652 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
    15:16:47.0886 2652 iPod Service - ok
    15:16:47.0917 2652 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    15:16:47.0917 2652 IRENUM - ok
    15:16:47.0933 2652 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    15:16:47.0933 2652 isapnp - ok
    15:16:47.0980 2652 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    15:16:47.0980 2652 iScsiPrt - ok
    15:16:48.0011 2652 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    15:16:48.0011 2652 kbdclass - ok
    15:16:48.0026 2652 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
    15:16:48.0026 2652 kbdhid - ok
    15:16:48.0042 2652 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    15:16:48.0042 2652 KeyIso - ok
    15:16:48.0073 2652 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
    15:16:48.0073 2652 KSecDD - ok
    15:16:48.0104 2652 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
    15:16:48.0104 2652 KSecPkg - ok
    15:16:48.0136 2652 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
    15:16:48.0151 2652 KtmRm - ok
    15:16:48.0182 2652 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
    15:16:48.0182 2652 LanmanServer - ok
    15:16:48.0214 2652 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
    15:16:48.0214 2652 LanmanWorkstation - ok
    15:16:48.0260 2652 LBTServ (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    15:16:48.0276 2652 LBTServ - ok
    15:16:48.0323 2652 LEqdUsb (717e6714bca808f2a372e636aff3d15a) C:\Windows\system32\Drivers\LEqdUsb.Sys
    15:16:48.0323 2652 LEqdUsb - ok
    15:16:48.0338 2652 LHidEqd (2786f7b4003adff88ce28bc1800b5407) C:\Windows\system32\Drivers\LHidEqd.Sys
    15:16:48.0338 2652 LHidEqd - ok
    15:16:48.0354 2652 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    15:16:48.0354 2652 LHidFilt - ok
    15:16:48.0385 2652 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    15:16:48.0385 2652 lltdio - ok
    15:16:48.0416 2652 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
    15:16:48.0432 2652 lltdsvc - ok
    15:16:48.0448 2652 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
    15:16:48.0448 2652 lmhosts - ok
    15:16:48.0463 2652 lmimirr - ok
    15:16:48.0479 2652 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    15:16:48.0479 2652 LMouFilt - ok
    15:16:48.0510 2652 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
    15:16:48.0510 2652 LSI_FC - ok
    15:16:48.0541 2652 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
    15:16:48.0557 2652 LSI_SAS - ok
    15:16:48.0572 2652 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
    15:16:48.0572 2652 LSI_SAS2 - ok
    15:16:48.0604 2652 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
    15:16:48.0604 2652 LSI_SCSI - ok
    15:16:48.0619 2652 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    15:16:48.0635 2652 luafv - ok
    15:16:48.0666 2652 LVUSBSta (9e9306063ecd8aa91b3fb76678d3cee2) C:\Windows\system32\drivers\LVUSBSta.sys
    15:16:48.0666 2652 LVUSBSta - ok
    15:16:48.0697 2652 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
    15:16:48.0697 2652 MBAMProtector - ok
    15:16:48.0806 2652 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    15:16:48.0822 2652 MBAMService - ok
    15:16:48.0853 2652 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
    15:16:48.0853 2652 Mcx2Svc - ok
    15:16:48.0869 2652 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    15:16:48.0869 2652 mdmxsdk - ok
    15:16:48.0884 2652 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
    15:16:48.0884 2652 megasas - ok
    15:16:48.0931 2652 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
    15:16:48.0947 2652 MegaSR - ok
    15:16:48.0962 2652 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    15:16:48.0962 2652 MMCSS - ok
    15:16:48.0978 2652 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    15:16:48.0978 2652 Modem - ok
    15:16:48.0994 2652 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    15:16:48.0994 2652 monitor - ok
    15:16:49.0025 2652 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    15:16:49.0025 2652 mouclass - ok
    15:16:49.0040 2652 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    15:16:49.0040 2652 mouhid - ok
    15:16:49.0072 2652 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    15:16:49.0087 2652 mountmgr - ok
    15:16:49.0118 2652 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    15:16:49.0118 2652 MozillaMaintenance - ok
    15:16:49.0150 2652 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    15:16:49.0150 2652 mpio - ok
    15:16:49.0165 2652 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    15:16:49.0181 2652 mpsdrv - ok
    15:16:49.0290 2652 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
    15:16:49.0306 2652 MpsSvc - ok
    15:16:49.0321 2652 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    15:16:49.0337 2652 MRxDAV - ok
    15:16:49.0352 2652 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
    15:16:49.0368 2652 mrxsmb - ok
    15:16:49.0399 2652 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    15:16:49.0415 2652 mrxsmb10 - ok
    15:16:49.0430 2652 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    15:16:49.0430 2652 mrxsmb20 - ok
    15:16:49.0462 2652 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    15:16:49.0477 2652 msahci - ok
    15:16:49.0493 2652 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    15:16:49.0493 2652 msdsm - ok
    15:16:49.0524 2652 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
    15:16:49.0540 2652 MSDTC - ok
    15:16:49.0555 2652 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    15:16:49.0555 2652 Msfs - ok
    15:16:49.0571 2652 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    15:16:49.0571 2652 mshidkmdf - ok
    15:16:49.0586 2652 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    15:16:49.0586 2652 msisadrv - ok
    15:16:49.0618 2652 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
    15:16:49.0618 2652 MSiSCSI - ok
    15:16:49.0633 2652 msiserver - ok
    15:16:49.0649 2652 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    15:16:49.0649 2652 MSKSSRV - ok
    15:16:49.0664 2652 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    15:16:49.0664 2652 MSPCLOCK - ok
    15:16:49.0680 2652 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    15:16:49.0680 2652 MSPQM - ok
    15:16:49.0711 2652 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    15:16:49.0711 2652 MsRPC - ok
    15:16:49.0727 2652 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    15:16:49.0727 2652 mssmbios - ok
    15:16:49.0742 2652 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    15:16:49.0742 2652 MSTEE - ok
    15:16:49.0758 2652 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
    15:16:49.0758 2652 MTConfig - ok
    15:16:49.0774 2652 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    15:16:49.0789 2652 Mup - ok
    15:16:49.0820 2652 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
    15:16:49.0836 2652 napagent - ok
    15:16:49.0883 2652 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    15:16:49.0898 2652 NativeWifiP - ok
    15:16:49.0961 2652 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120804.009\NAVENG.SYS
    15:16:49.0961 2652 NAVENG - ok
    15:16:50.0086 2652 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120804.009\NAVEX15.SYS
    15:16:50.0086 2652 NAVEX15 - ok
    15:16:50.0273 2652 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    15:16:50.0288 2652 NDIS - ok
    15:16:50.0304 2652 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    15:16:50.0320 2652 NdisCap - ok
    15:16:50.0335 2652 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    15:16:50.0335 2652 NdisTapi - ok
     
  20. GeoffQ

    GeoffQ TS Rookie Topic Starter Posts: 30

    15:16:50.0366 2652 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    15:16:50.0366 2652 Ndisuio - ok
    15:16:50.0382 2652 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    15:16:50.0398 2652 NdisWan - ok
    15:16:50.0413 2652 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    15:16:50.0413 2652 NDProxy - ok
    15:16:50.0429 2652 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
    15:16:50.0429 2652 Net Driver HPZ12 - ok
    15:16:50.0444 2652 Netaapl (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
    15:16:50.0444 2652 Netaapl - ok
    15:16:50.0460 2652 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    15:16:50.0460 2652 NetBIOS - ok
    15:16:50.0507 2652 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
    15:16:50.0507 2652 NetBT - ok
    15:16:50.0522 2652 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    15:16:50.0522 2652 Netlogon - ok
    15:16:50.0585 2652 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
    15:16:50.0585 2652 Netman - ok
    15:16:50.0663 2652 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    15:16:50.0678 2652 NetMsmqActivator - ok
    15:16:50.0678 2652 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    15:16:50.0694 2652 NetPipeActivator - ok
    15:16:50.0741 2652 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
    15:16:50.0741 2652 netprofm - ok
    15:16:50.0756 2652 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    15:16:50.0756 2652 NetTcpActivator - ok
    15:16:50.0756 2652 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    15:16:50.0756 2652 NetTcpPortSharing - ok
    15:16:50.0881 2652 NETw4v32 (38d720e0c8b0ecb9a019980265679798) C:\Windows\system32\DRIVERS\NETw4v32.sys
    15:16:50.0928 2652 NETw4v32 - ok
    15:16:51.0256 2652 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
    15:16:51.0334 2652 netw5v32 - ok
    15:16:51.0458 2652 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
    15:16:51.0458 2652 nfrd960 - ok
    15:16:51.0505 2652 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
    15:16:51.0505 2652 NIS - ok
    15:16:51.0552 2652 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
    15:16:51.0552 2652 NlaSvc - ok
    15:16:51.0568 2652 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    15:16:51.0568 2652 Npfs - ok
    15:16:51.0583 2652 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
    15:16:51.0583 2652 nsi - ok
    15:16:51.0599 2652 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    15:16:51.0599 2652 nsiproxy - ok
    15:16:51.0724 2652 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
    15:16:51.0770 2652 Ntfs - ok
    15:16:52.0051 2652 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    15:16:52.0051 2652 Null - ok
    15:16:52.0082 2652 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
    15:16:52.0082 2652 nvraid - ok
    15:16:52.0114 2652 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
    15:16:52.0114 2652 nvstor - ok
    15:16:52.0145 2652 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
    15:16:52.0145 2652 nv_agp - ok
    15:16:52.0160 2652 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
    15:16:52.0176 2652 ohci1394 - ok
    15:16:52.0207 2652 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    15:16:52.0207 2652 ose - ok
    15:16:52.0441 2652 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    15:16:52.0535 2652 osppsvc - ok
    15:16:52.0660 2652 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
    15:16:52.0675 2652 p2pimsvc - ok
    15:16:52.0722 2652 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
    15:16:52.0738 2652 p2psvc - ok
    15:16:52.0784 2652 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    15:16:52.0784 2652 Parport - ok
    15:16:52.0800 2652 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
    15:16:52.0800 2652 partmgr - ok
    15:16:52.0816 2652 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    15:16:52.0816 2652 Parvdm - ok
    15:16:52.0847 2652 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
    15:16:52.0847 2652 PcaSvc - ok
    15:16:52.0878 2652 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    15:16:52.0894 2652 pci - ok
    15:16:52.0894 2652 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    15:16:52.0909 2652 pciide - ok
    15:16:52.0940 2652 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    15:16:52.0940 2652 pcmcia - ok
    15:16:52.0972 2652 PCPitstop Scheduling (4afdda6adeb0df8a1aa0268ffb838649) C:\Program Files\CA\PCPitstopScheduleService.exe
    15:16:52.0987 2652 PCPitstop Scheduling - ok
    15:16:53.0003 2652 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    15:16:53.0003 2652 pcw - ok
    15:16:53.0065 2652 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    15:16:53.0081 2652 PEAUTH - ok
    15:16:53.0159 2652 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
    15:16:53.0190 2652 PeerDistSvc - ok
    15:16:53.0221 2652 pepifilter (d30eda6e1ab3c8c82f2ca085ab79040a) C:\Windows\system32\DRIVERS\lv302af.sys
    15:16:53.0221 2652 pepifilter - ok
    15:16:53.0440 2652 PID_PEPI (0da6c5e0c8da6cebe52daacfe7ae9de6) C:\Windows\system32\DRIVERS\LV302V32.SYS
    15:16:53.0486 2652 PID_PEPI - ok
    15:16:53.0908 2652 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
    15:16:53.0954 2652 pla - ok
    15:16:54.0095 2652 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
    15:16:54.0110 2652 PlugPlay - ok
    15:16:54.0142 2652 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
    15:16:54.0142 2652 Pml Driver HPZ12 - ok
    15:16:54.0173 2652 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
    15:16:54.0173 2652 PNRPAutoReg - ok
    15:16:54.0204 2652 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
    15:16:54.0220 2652 PNRPsvc - ok
    15:16:54.0266 2652 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
    15:16:54.0266 2652 PolicyAgent - ok
    15:16:54.0298 2652 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
    15:16:54.0313 2652 Power - ok
    15:16:54.0360 2652 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    15:16:54.0360 2652 PptpMiniport - ok
    15:16:54.0376 2652 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
    15:16:54.0376 2652 Processor - ok
    15:16:54.0407 2652 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
    15:16:54.0422 2652 ProfSvc - ok
    15:16:54.0422 2652 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    15:16:54.0438 2652 ProtectedStorage - ok
    15:16:54.0469 2652 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    15:16:54.0469 2652 Psched - ok
    15:16:54.0563 2652 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
    15:16:54.0594 2652 ql2300 - ok
    15:16:54.0734 2652 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
    15:16:54.0750 2652 ql40xx - ok
    15:16:54.0781 2652 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
    15:16:54.0781 2652 QWAVE - ok
    15:16:54.0797 2652 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    15:16:54.0797 2652 QWAVEdrv - ok
    15:16:55.0109 2652 R300 (7db96c2801a78513bdc133c25d07929e) C:\Windows\system32\DRIVERS\atikmdag.sys
    15:16:55.0187 2652 R300 - ok
    15:16:55.0312 2652 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    15:16:55.0312 2652 RasAcd - ok
    15:16:55.0343 2652 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    15:16:55.0343 2652 RasAgileVpn - ok
    15:16:55.0374 2652 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
    15:16:55.0374 2652 RasAuto - ok
    15:16:55.0405 2652 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    15:16:55.0405 2652 Rasl2tp - ok
    15:16:55.0436 2652 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
    15:16:55.0452 2652 RasMan - ok
    15:16:55.0468 2652 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    15:16:55.0468 2652 RasPppoe - ok
    15:16:55.0499 2652 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    15:16:55.0514 2652 RasSstp - ok
    15:16:55.0546 2652 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
    15:16:55.0561 2652 rdbss - ok
    15:16:55.0577 2652 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    15:16:55.0577 2652 rdpbus - ok
    15:16:55.0577 2652 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
    15:16:55.0592 2652 RDPCDD - ok
    15:16:55.0624 2652 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
    15:16:55.0624 2652 RDPDR - ok
    15:16:55.0655 2652 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    15:16:55.0655 2652 RDPENCDD - ok
    15:16:55.0670 2652 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    15:16:55.0670 2652 RDPREFMP - ok
    15:16:55.0702 2652 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
    15:16:55.0702 2652 RDPWD - ok
    15:16:55.0733 2652 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    15:16:55.0748 2652 rdyboost - ok
    15:16:55.0764 2652 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
    15:16:55.0764 2652 RemoteAccess - ok
    15:16:55.0795 2652 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
    15:16:55.0795 2652 RemoteRegistry - ok
    15:16:55.0826 2652 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
    15:16:55.0826 2652 RFCOMM - ok
    15:16:55.0858 2652 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
    15:16:55.0858 2652 RimUsb - ok
    15:16:55.0904 2652 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
    15:16:55.0904 2652 RimVSerPort - ok
    15:16:55.0951 2652 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
    15:16:55.0951 2652 ROOTMODEM - ok
    15:16:55.0967 2652 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
    15:16:55.0967 2652 RpcEptMapper - ok
    15:16:55.0982 2652 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
    15:16:55.0982 2652 RpcLocator - ok
    15:16:56.0014 2652 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
    15:16:56.0029 2652 RpcSs - ok
    15:16:56.0045 2652 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    15:16:56.0060 2652 rspndr - ok
    15:16:56.0076 2652 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
    15:16:56.0076 2652 s3cap - ok
    15:16:56.0092 2652 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    15:16:56.0092 2652 SamSs - ok
    15:16:56.0123 2652 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    15:16:56.0123 2652 sbp2port - ok
    15:16:56.0154 2652 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
    15:16:56.0154 2652 SCardSvr - ok
    15:16:56.0170 2652 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    15:16:56.0170 2652 scfilter - ok
    15:16:56.0279 2652 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
    15:16:56.0294 2652 Schedule - ok
    15:16:56.0310 2652 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
    15:16:56.0310 2652 SCPolicySvc - ok
    15:16:56.0341 2652 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\DRIVERS\sdbus.sys
    15:16:56.0357 2652 sdbus - ok
    15:16:56.0372 2652 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
    15:16:56.0388 2652 SDRSVC - ok
    15:16:56.0435 2652 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    15:16:56.0450 2652 SeaPort - ok
    15:16:56.0450 2652 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    15:16:56.0466 2652 secdrv - ok
    15:16:56.0466 2652 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
    15:16:56.0482 2652 seclogon - ok
    15:16:56.0497 2652 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
    15:16:56.0497 2652 SENS - ok
    15:16:56.0513 2652 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
    15:16:56.0528 2652 SensrSvc - ok
    15:16:56.0544 2652 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\drivers\serenum.sys
    15:16:56.0544 2652 Serenum - ok
    15:16:56.0575 2652 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
    15:16:56.0575 2652 Serial - ok
    15:16:56.0591 2652 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
    15:16:56.0591 2652 sermouse - ok
    15:16:56.0638 2652 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
    15:16:56.0638 2652 SessionEnv - ok
    15:16:56.0653 2652 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
    15:16:56.0653 2652 sffdisk - ok
    15:16:56.0669 2652 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    15:16:56.0669 2652 sffp_mmc - ok
    15:16:56.0684 2652 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
    15:16:56.0684 2652 sffp_sd - ok
    15:16:56.0700 2652 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
    15:16:56.0700 2652 sfloppy - ok
    15:16:56.0778 2652 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
    15:16:56.0778 2652 SharedAccess - ok
    15:16:56.0825 2652 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
    15:16:56.0840 2652 ShellHWDetection - ok
    15:16:56.0856 2652 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    15:16:56.0856 2652 sisagp - ok
    15:16:56.0872 2652 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
    15:16:56.0887 2652 SiSRaid2 - ok
    15:16:56.0903 2652 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
    15:16:56.0918 2652 SiSRaid4 - ok
    15:16:57.0106 2652 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    15:16:57.0168 2652 Skype C2C Service - ok
    15:16:57.0246 2652 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) C:\Program Files\Skype\Updater\Updater.exe
    15:16:57.0262 2652 SkypeUpdate - ok
    15:16:57.0386 2652 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    15:16:57.0386 2652 Smb - ok
    15:16:57.0418 2652 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
    15:16:57.0418 2652 SNMPTRAP - ok
    15:16:57.0433 2652 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    15:16:57.0433 2652 spldr - ok
    15:16:57.0480 2652 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
    15:16:57.0496 2652 Spooler - ok
    15:16:57.0667 2652 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
    15:16:57.0745 2652 sppsvc - ok
    15:16:57.0901 2652 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
    15:16:57.0901 2652 sppuinotify - ok
    15:16:57.0995 2652 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\Windows\System32\Drivers\NIS\1307010.005\SRTSP.SYS
    15:16:58.0010 2652 SRTSP - ok
    15:16:58.0042 2652 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\Windows\system32\drivers\NIS\1307010.005\SRTSPX.SYS
    15:16:58.0042 2652 SRTSPX - ok
    15:16:58.0088 2652 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
    15:16:58.0104 2652 srv - ok
    15:16:58.0151 2652 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
    15:16:58.0151 2652 srv2 - ok
    15:16:58.0198 2652 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    15:16:58.0213 2652 SrvHsfHDA - ok
    15:16:58.0291 2652 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
    15:16:58.0307 2652 SrvHsfV92 - ok
    15:16:58.0369 2652 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
    15:16:58.0400 2652 SrvHsfWinac - ok
    15:16:58.0416 2652 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
    15:16:58.0416 2652 srvnet - ok
    15:16:58.0447 2652 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
    15:16:58.0463 2652 SSDPSRV - ok
    15:16:58.0478 2652 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
    15:16:58.0494 2652 SstpSvc - ok
    15:16:58.0510 2652 Steam Client Service - ok
    15:16:58.0525 2652 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
    15:16:58.0525 2652 stexstor - ok
    15:16:58.0541 2652 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
    15:16:58.0541 2652 StillCam - ok
    15:16:58.0619 2652 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
    15:16:58.0634 2652 StiSvc - ok
    15:16:58.0650 2652 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
    15:16:58.0650 2652 storflt - ok
    15:16:58.0666 2652 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
    15:16:58.0666 2652 StorSvc - ok
    15:16:58.0681 2652 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
    15:16:58.0681 2652 storvsc - ok
    15:16:58.0697 2652 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    15:16:58.0697 2652 swenum - ok
    15:16:58.0744 2652 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
    15:16:58.0744 2652 swprv - ok
    15:16:58.0790 2652 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\NIS\1307010.005\SYMDS.SYS
    15:16:58.0806 2652 SymDS - ok
    15:16:58.0884 2652 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\NIS\1307010.005\SYMEFA.SYS
    15:16:58.0900 2652 SymEFA - ok
    15:16:58.0946 2652 SymEvent (74e2521e96176a4449570e50be91954d) C:\Windows\system32\Drivers\SYMEVENT.SYS
    15:16:58.0946 2652 SymEvent - ok
    15:16:58.0978 2652 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\NIS\1307010.005\Ironx86.SYS
    15:16:58.0993 2652 SymIRON - ok
    15:16:59.0024 2652 SymNetS (3ee215d6fe821e3edf0f7134d9ae905a) C:\Windows\System32\Drivers\NIS\1307010.005\SYMNETS.SYS
    15:16:59.0040 2652 SymNetS - ok
    15:16:59.0071 2652 SynTP (3d6316279c3540aa268bf025f4621ef3) C:\Windows\system32\DRIVERS\SynTP.sys
    15:16:59.0071 2652 SynTP - ok
    15:16:59.0212 2652 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
    15:16:59.0212 2652 SysMain - ok
    15:16:59.0243 2652 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
    15:16:59.0243 2652 TabletInputService - ok
    15:16:59.0290 2652 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
    15:16:59.0290 2652 TapiSrv - ok
    15:16:59.0321 2652 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
    15:16:59.0321 2652 TBS - ok
    15:16:59.0430 2652 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
    15:16:59.0461 2652 Tcpip - ok
    15:16:59.0664 2652 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
    15:16:59.0664 2652 TCPIP6 - ok
    15:16:59.0820 2652 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    15:16:59.0820 2652 tcpipreg - ok
    15:16:59.0836 2652 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    15:16:59.0836 2652 TDPIPE - ok
    15:16:59.0851 2652 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
    15:16:59.0851 2652 TDTCP - ok
    15:16:59.0882 2652 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
    15:16:59.0898 2652 tdx - ok
    15:16:59.0914 2652 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
    15:16:59.0914 2652 TermDD - ok
    15:16:59.0960 2652 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
    15:16:59.0976 2652 TermService - ok
    15:16:59.0992 2652 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
    15:17:00.0007 2652 Themes - ok
    15:17:00.0023 2652 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    15:17:00.0023 2652 THREADORDER - ok
    15:17:00.0070 2652 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
    15:17:00.0085 2652 tifm21 - ok
    15:17:00.0101 2652 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
    15:17:00.0101 2652 TPM - ok
    15:17:00.0132 2652 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
    15:17:00.0132 2652 TrkWks - ok
    15:17:00.0163 2652 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
    15:17:00.0179 2652 TrustedInstaller - ok
    15:17:00.0194 2652 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    15:17:00.0194 2652 tssecsrv - ok
    15:17:00.0210 2652 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    15:17:00.0210 2652 TsUsbFlt - ok
    15:17:00.0226 2652 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
    15:17:00.0241 2652 TsUsbGD - ok
    15:17:00.0272 2652 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    15:17:00.0272 2652 tunnel - ok
    15:17:00.0288 2652 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
    15:17:00.0288 2652 uagp35 - ok
    15:17:00.0491 2652 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    15:17:00.0491 2652 udfs - ok
    15:17:00.0616 2652 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
    15:17:00.0616 2652 UI0Detect - ok
    15:17:00.0631 2652 UIUSys - ok
    15:17:00.0647 2652 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    15:17:00.0662 2652 uliagpkx - ok
    15:17:00.0772 2652 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
    15:17:00.0772 2652 umbus - ok
    15:17:00.0818 2652 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
    15:17:00.0818 2652 UmPass - ok
    15:17:00.0850 2652 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
    15:17:00.0850 2652 UmRdpService - ok
    15:17:01.0052 2652 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
    15:17:01.0068 2652 upnphost - ok
    15:17:01.0146 2652 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
    15:17:01.0146 2652 USBAAPL - ok
    15:17:01.0208 2652 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
    15:17:01.0208 2652 usbaudio - ok
    15:17:01.0333 2652 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
    15:17:01.0333 2652 usbccgp - ok
    15:17:01.0364 2652 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    15:17:01.0380 2652 usbcir - ok
    15:17:01.0474 2652 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
    15:17:01.0474 2652 usbehci - ok
    15:17:01.0630 2652 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
    15:17:01.0645 2652 usbhub - ok
    15:17:01.0676 2652 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
    15:17:01.0676 2652 usbohci - ok
    15:17:01.0692 2652 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    15:17:01.0692 2652 usbprint - ok
    15:17:01.0708 2652 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    15:17:01.0708 2652 usbscan - ok
    15:17:01.0754 2652 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\DRIVERS\usbser.sys
    15:17:01.0754 2652 usbser - ok
    15:17:01.0786 2652 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    15:17:01.0801 2652 USBSTOR - ok
    15:17:01.0817 2652 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
    15:17:01.0817 2652 usbuhci - ok
    15:17:01.0832 2652 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
    15:17:01.0832 2652 UxSms - ok
    15:17:01.0848 2652 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    15:17:01.0848 2652 VaultSvc - ok
    15:17:01.0879 2652 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    15:17:01.0895 2652 vdrvroot - ok
    15:17:01.0926 2652 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
    15:17:01.0942 2652 vds - ok
    15:17:01.0957 2652 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    15:17:01.0957 2652 vga - ok
    15:17:01.0973 2652 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    15:17:01.0973 2652 VgaSave - ok
    15:17:02.0020 2652 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    15:17:02.0020 2652 vhdmp - ok
    15:17:02.0035 2652 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    15:17:02.0051 2652 viaagp - ok
    15:17:02.0066 2652 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
    15:17:02.0066 2652 ViaC7 - ok
    15:17:02.0082 2652 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    15:17:02.0082 2652 viaide - ok
    15:17:02.0129 2652 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
    15:17:02.0129 2652 vmbus - ok
    15:17:02.0144 2652 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
    15:17:02.0144 2652 VMBusHID - ok
    15:17:02.0176 2652 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    15:17:02.0176 2652 volmgr - ok
    15:17:02.0222 2652 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    15:17:02.0222 2652 volmgrx - ok
    15:17:02.0269 2652 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    15:17:02.0285 2652 volsnap - ok
    15:17:02.0316 2652 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
    15:17:02.0316 2652 vsmraid - ok
    15:17:02.0394 2652 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
    15:17:02.0410 2652 VSS - ok
    15:17:02.0425 2652 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    15:17:02.0441 2652 vwifibus - ok
    15:17:02.0472 2652 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
    15:17:02.0488 2652 W32Time - ok
    15:17:02.0503 2652 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
    15:17:02.0503 2652 WacomPen - ok
    15:17:02.0519 2652 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    15:17:02.0519 2652 WANARP - ok
    15:17:02.0534 2652 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    15:17:02.0534 2652 Wanarpv6 - ok
    15:17:02.0628 2652 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
    15:17:02.0659 2652 WatAdminSvc - ok
    15:17:02.0862 2652 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
    15:17:02.0893 2652 wbengine - ok
    15:17:02.0924 2652 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
    15:17:02.0924 2652 WbioSrvc - ok
    15:17:02.0971 2652 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
    15:17:02.0987 2652 wcncsvc - ok
    15:17:03.0002 2652 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
    15:17:03.0002 2652 WcsPlugInService - ok
    15:17:03.0034 2652 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
    15:17:03.0034 2652 Wd - ok
    15:17:03.0112 2652 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    15:17:03.0112 2652 Wdf01000 - ok
    15:17:03.0143 2652 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    15:17:03.0143 2652 WdiServiceHost - ok
    15:17:03.0158 2652 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    15:17:03.0158 2652 WdiSystemHost - ok
    15:17:03.0190 2652 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
    15:17:03.0205 2652 WebClient - ok
    15:17:03.0236 2652 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
    15:17:03.0236 2652 Wecsvc - ok
    15:17:03.0268 2652 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
    15:17:03.0268 2652 wercplsupport - ok
    15:17:03.0299 2652 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
    15:17:03.0299 2652 WerSvc - ok
    15:17:03.0314 2652 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    15:17:03.0314 2652 WfpLwf - ok
    15:17:03.0330 2652 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    15:17:03.0330 2652 WIMMount - ok
    15:17:03.0424 2652 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    15:17:03.0439 2652 winachsf - ok
    15:17:03.0548 2652 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
    15:17:03.0564 2652 WinDefend - ok
    15:17:03.0580 2652 WinHttpAutoProxySvc - ok
    15:17:03.0704 2652 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
    15:17:03.0704 2652 Winmgmt - ok
    15:17:03.0798 2652 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
    15:17:03.0829 2652 WinRM - ok
    15:17:03.0892 2652 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
    15:17:03.0892 2652 WinUsb - ok
    15:17:04.0001 2652 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
    15:17:04.0048 2652 Wlansvc - ok
    15:17:04.0204 2652 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    15:17:04.0235 2652 wlidsvc - ok
    15:17:04.0360 2652 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    15:17:04.0360 2652 WmiAcpi - ok
    15:17:04.0406 2652 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
    15:17:04.0406 2652 wmiApSrv - ok
    15:17:04.0469 2652 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
    15:17:04.0500 2652 WMPNetworkSvc - ok
    15:17:04.0594 2652 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
    15:17:04.0609 2652 WPCSvc - ok
    15:17:04.0625 2652 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
    15:17:04.0625 2652 WPDBusEnum - ok
    15:17:04.0672 2652 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    15:17:04.0672 2652 ws2ifsl - ok
    15:17:04.0703 2652 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
    15:17:04.0703 2652 wscsvc - ok
    15:17:04.0718 2652 WSearch - ok
    15:17:04.0874 2652 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
    15:17:04.0921 2652 wuauserv - ok
    15:17:05.0062 2652 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    15:17:05.0062 2652 WudfPf - ok
    15:17:05.0093 2652 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    15:17:05.0108 2652 WUDFRd - ok
    15:17:05.0124 2652 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
    15:17:05.0124 2652 wudfsvc - ok
    15:17:05.0171 2652 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
    15:17:05.0171 2652 WwanSvc - ok
    15:17:05.0186 2652 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
    15:17:05.0186 2652 XAudio - ok
    15:17:05.0264 2652 XAudioService (15a317674a08df26be65164d959e9203) C:\Windows\system32\DRIVERS\xaudio.exe
    15:17:05.0280 2652 XAudioService - ok
    15:17:05.0296 2652 XDva391 - ok
    15:17:05.0342 2652 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    15:17:05.0467 2652 \Device\Harddisk0\DR0 - ok
    15:17:05.0483 2652 Boot (0x1200) (0e34d51976ccc4908a0f629353d0f5b4) \Device\Harddisk0\DR0\Partition0
    15:17:05.0483 2652 \Device\Harddisk0\DR0\Partition0 - ok
    15:17:05.0483 2652 Boot (0x1200) (63e7792658fb5c87a4cd189ea5879184) \Device\Harddisk0\DR0\Partition1
    15:17:05.0483 2652 \Device\Harddisk0\DR0\Partition1 - ok
    15:17:05.0483 2652 ============================================================
    15:17:05.0483 2652 Scan finished
    15:17:05.0483 2652 ============================================================
    15:17:05.0498 3024 Detected object count: 0
    15:17:05.0498 3024 Actual detected object count: 0
     
  21. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    edited...
     
  22. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Re-run Combofix one more time.
     
  23. GeoffQ

    GeoffQ TS Rookie Topic Starter Posts: 30

    Here it is:

    ComboFix 12-08-05.02 - Geoff 08/05/2012 15:25:58.2.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1876 [GMT -7:00]
    Running from: c:\users\Geoff\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\install.exe
    c:\program files\lol\LeagueOfLegends\0x0409.ini
    c:\program files\lol\LeagueOfLegends\data1.cab
    c:\program files\lol\LeagueOfLegends\data1.hdr
    c:\program files\lol\LeagueOfLegends\data2.cab
    c:\program files\lol\LeagueOfLegends\ISSetup.dll
    c:\program files\lol\LeagueOfLegends\layout.bin
    c:\program files\lol\LeagueOfLegends\setup.exe
    c:\program files\lol\LeagueOfLegends\setup.ini
    c:\program files\lol\LeagueOfLegends\setup.inx
    c:\program files\lol\LeagueOfLegends\setup.isn
    c:\users\Geoff\AppData\Local\assembly\tmp\2G4HICEB\__AssemblyInfo__.ini
    c:\users\Geoff\AppData\Local\assembly\tmp\2G4HICEB\Google.Connect.Plugin.DLL
    c:\users\Geoff\AppData\Local\assembly\tmp\3GQWI89E\__AssemblyInfo__.ini
    c:\users\Geoff\AppData\Local\assembly\tmp\3GQWI89E\Interop.Office.DLL
    c:\users\Geoff\AppData\Local\assembly\tmp\6Y9RUZCL\__AssemblyInfo__.ini
    c:\users\Geoff\AppData\Local\assembly\tmp\B03ICXZO\__AssemblyInfo__.ini
    c:\users\Geoff\AppData\Local\assembly\tmp\EIG7N6EQ\__AssemblyInfo__.ini
    c:\users\Geoff\AppData\Local\assembly\tmp\ZJD09CGK\__AssemblyInfo__.ini
    c:\users\Geoff\AppData\Local\Microsoft\Windows\Temporary Internet Files\{197DABC5-CECF-4467-8BF2-E91BCA98B8A3}.xps
    c:\users\Geoff\videos\ac3filter_1_63b.exe
    c:\users\Geoff\videos\DivXInstaller.exe
    c:\users\Geoff\videos\GoogleEarthSetup.exe
    c:\users\Geoff\videos\vlc-1.1.11-win32.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-05 22:38 . 2012-08-05 22:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-05 17:53 . 2012-08-05 17:53 -------- d-----w- C:\FRST
    2012-08-04 23:45 . 2012-08-04 23:45 -------- d-----w- c:\users\Geoff\AppData\Roaming\Malwarebytes
    2012-08-04 23:44 . 2012-08-04 23:44 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-04 23:44 . 2012-08-04 23:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-04 23:44 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-03 23:34 . 2012-08-04 02:27 -------- d-----w- c:\program files\Diablo III
    2012-08-03 21:17 . 2012-08-03 21:17 -------- d-----w- c:\users\Geoff\AppData\Roaming\FixZeroAccess
    2012-08-03 20:53 . 2012-08-04 03:58 -------- d-----w- c:\program files\Symantec
    2012-08-03 20:53 . 2012-08-04 03:57 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-08-03 20:53 . 2012-08-03 21:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2012-08-03 20:52 . 2012-08-04 18:17 -------- d-----w- c:\windows\system32\drivers\NIS
    2012-08-03 20:52 . 2012-08-03 20:52 -------- d-----w- c:\program files\Norton Internet Security
    2012-08-03 20:49 . 2012-08-03 20:49 -------- d-----w- c:\program files\NortonInstaller
    2012-08-03 20:13 . 2012-08-03 20:13 -------- d-----w- c:\users\Geoff\AppData\Roaming\SPE
    2012-08-03 20:04 . 2012-08-03 23:33 -------- d-----w- c:\users\Geoff\AppData\Local\CrashDumps
    2012-08-03 20:03 . 2012-08-03 21:15 -------- d-----w- c:\users\Geoff\AppData\Local\NPE
    2012-08-03 20:03 . 2012-08-03 20:53 -------- d-----w- c:\programdata\Norton
    2012-08-02 04:46 . 2012-08-02 04:46 1744912 ----a-w- c:\windows\system32\winsflt.dll
    2012-08-02 04:46 . 2011-06-29 21:27 2760720 ----a-w- c:\windows\system32\svcprs32.exe
    2012-08-02 04:46 . 2011-06-29 21:23 98320 ----a-w- c:\windows\system32\winsfinst.exe
    2012-08-02 04:46 . 2011-06-29 21:22 4108304 ----a-w- c:\windows\system32\win32cpr.dll
    2012-08-02 04:46 . 2011-06-29 21:20 3207184 ----a-w- c:\windows\system32\mdmcls32.exe
    2012-08-02 04:46 . 2011-06-29 20:53 2990096 ----a-w- c:\windows\system32\winsflte.dll
    2012-07-30 00:46 . 2002-01-01 21:02 7440 ----a-w- c:\windows\system32\sporder.dll
    2012-07-30 00:46 . 2012-07-30 00:46 -------- d-----w- c:\program files\Common Files\InstallShield
    2012-07-30 00:43 . 2012-07-30 00:43 -------- d-----w- c:\program files\Total Defense
    2012-07-30 00:00 . 2012-08-03 21:04 -------- d-----w- c:\programdata\CA
    2012-07-26 22:53 . 2012-07-26 22:53 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-07-26 15:28 . 2012-07-26 15:28 -------- d-----w- c:\users\Export
    2012-07-25 01:02 . 2012-07-26 22:53 -------- d-----w- c:\program files\DAEMON Tools Lite
    2012-07-24 19:40 . 2012-07-24 19:40 -------- d-----w- c:\program files\GUMA92A.tmp
    2012-07-24 19:01 . 2012-07-24 19:01 4024320 ----a-w- c:\program files\GUTF4C7.tmp
    2012-07-24 19:01 . 2012-07-24 19:01 4024320 ----a-w- c:\program files\GUTF3DD.tmp
    2012-07-24 19:01 . 2012-07-24 19:01 -------- d-----w- c:\program files\GUMF4C6.tmp
    2012-07-24 19:01 . 2012-07-24 19:01 -------- d-----w- c:\program files\GUMF3CC.tmp
    2012-07-10 04:07 . 2012-07-10 04:07 -------- d-----w- c:\programdata\FNP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-02 21:57 . 2012-04-12 21:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-02 21:57 . 2011-07-14 02:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-30 00:43 . 2012-07-30 00:43 9072 ----a-w- c:\windows\system32\drivers\28169
    2012-06-03 19:50 . 2012-06-03 19:50 9072 ----a-w- c:\windows\system32\drivers\4284
    2012-06-02 22:19 . 2012-06-18 22:05 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-18 22:05 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-18 22:05 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-18 22:05 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-18 22:05 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-18 22:05 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-18 22:05 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-18 22:05 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:12 . 2012-06-18 22:05 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-08-02 14:56 . 2011-07-14 01:58 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-12-06 19:56 . 2011-12-06 19:56 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Geoff\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Geoff\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Geoff\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-07-20 22:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-07-20 22:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-07-20 22:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-07-20 22:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-12-06 30192]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Geoff\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux5"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2012-04-04 05:53 815512 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2012-04-04 05:53 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
    2012-03-13 12:37 3331872 ----a-w- c:\users\Geoff\AppData\Local\Akamai\netsession_win.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-05-31 03:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BIBLauncher]
    2011-03-15 22:02 901600 ----a-w- c:\program files\Business-in-a-Box\BIBLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
    2009-05-27 00:46 1159168 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2010-07-25 17:08 2569616 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
    2008-12-24 18:26 114688 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2012-04-17 15:19 3671872 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKAiO2StatusMonitor]
    2011-03-25 07:03 2421760 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-07-14 16:46 136176 ----atw- c:\users\Geoff\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
    2012-07-20 22:17 12218904 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ida]
    2011-09-01 22:43 27368 ----a-w- c:\program files\Ida\IdaLaunch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
    2009-11-16 17:27 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
    2009-11-26 00:42 54672 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
    2009-11-11 22:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
    2011-02-18 18:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2012-08-04 02:28 1353080 ----a-w- c:\program files\Steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
    2007-09-15 06:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolboxFX]
    2010-10-25 21:40 58936 ----a-w- c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe
    .
    R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 ArcGIS License Manager;ArcGIS License Manager;c:\program files\ArcGIS\License10.1\bin\lmgrd.exe [x]
    R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
    R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\FirebirdSQL\bin\fbguard.exe [x]
    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\FirebirdSQL\bin\fbserver.exe [x]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
    R3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [x]
    R3 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\CA\PCPitstopScheduleService.exe [x]
    R3 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
    R4 Agent;Agent;c:\windows\agent.exe [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307010.005\SYMDS.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307010.005\SYMEFA.SYS [x]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [x]
    S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307010.005\ccSetx86.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120803.002\IDSvix86.sys [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307010.005\Ironx86.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1307010.005\SYMNETS.SYS [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [x]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [x]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 93718449
    *Deregistered* - 93718449
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 21:57]
    .
    2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-24 19:32]
    .
    2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-24 19:32]
    .
    2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-168794860-1045125424-4017413192-1000Core.job
    - c:\users\Geoff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 16:46]
    .
    2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-168794860-1045125424-4017413192-1000UA.job
    - c:\users\Geoff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 16:46]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.254
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
    FF - ProfilePath - c:\users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\2spvngjj.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-PFW - (no file)
    MSConfigStartUp-ATICustomerCare - c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
    MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
    HKLM_ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008
    HKLM_ActiveSetup-Send To Neat - reg copy HKLM\Software\The Neat Company\Send To Neat HKCU\Software\The Neat Company\Send To Neat
    AddRemove-eTrust Suite Personal - c:\program files\Total Defense\Internet Security Suite\caunst.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2320)
    c:\users\Geoff\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    Completion time: 2012-08-05 15:41:48
    ComboFix-quarantined-files.txt 2012-08-05 22:41
    .
    Pre-Run: 145,387,778,048 bytes free
    Post-Run: 145,102,721,024 bytes free
    .
    - - End Of File - - 1E1A88D91CB7B654CD58F3E75E427583
     
  24. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Looks good :)

    How is computer doing?

    =================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ====================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  25. GeoffQ

    GeoffQ TS Rookie Topic Starter Posts: 30

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.05.08

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 8.0.7601.17514
    Geoff :: OMNICRONPERSEI8 [administrator]

    Protection: Enabled

    8/5/2012 4:15:57 PM
    mbam-log-2012-08-05 (16-15-57).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 224371
    Time elapsed: 4 minute(s), 5 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.