Solved Trojan.ZeroAccess!inf

GeoffQ

My computer is infected with the Trojan.ZeroAccess!inf virus. I've done everything I can to remove it, but it is very persistent. It has infected my Microsoft "service.exe" for certain. I read a previous post that you had with someone else about this same virus and was impressed with how you resolved it. Would you be able to help me as well?

I have Norton AntiVirus and have tried their manual removal tool. I tried starting Windows from the boot disc and running startup repair - it didn't find any issues. I just tried running Malwarebytes - it detected some items (see log below) and removed them, but zeroaccess!inf is still persistent (I ran a Norton scan directly on "service.exe" after restarting from Malwarebytes, which indicated it was still infected). In addition, Malwarebytes is still blocking outgoing information from "services.exe".

See logs below.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Geoff :: OMNICRONPERSEI8 [administrator]

Protection: Enabled

8/4/2012 4:46:27 PM
mbam-log-2012-08-04 (16-46-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218232
Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCR\CLSID\{1959DF3E-D670-4C34-8B5A-6C89E3235E28} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1959DF3E-D670-4C34-8B5A-6C89E3235E28} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1959DF3E-D670-4C34-8B5A-6C89E3235E28} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1959DF3E-D670-4C34-8B5A-6C89E3235E28} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Geoff\AppData\Local\{51f2c320-465a-b82c-db4c-992d1544e03c}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\ProgramData\CodecC\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
C:\Users\rmjowbthhk.cra (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Installer\{51f2c320-465a-b82c-db4c-992d1544e03c}\n (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{51f2c320-465a-b82c-db4c-992d1544e03c}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)
 
I've just run GMER and here is the log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-04 20:47:34
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST95005620AS rev.SD24
Running: hdkj80hq.exe; Driver: C:\Users\Geoff\AppData\Local\Temp\fggcyaoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================.

I still need DDS logs.
 
Hi Broni,

The logs are listed below:

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2011 6:40:49 PM
System Uptime: 8/4/2012 9:55:43 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 309F
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | U10 | 2000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 135.323 GiB free.
D: is CDROM ()
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Prem C310 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Prem C310 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 7500 E910
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Officejet 7500 E910
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet CP1525nw
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: Hewlett-Packard
Name: HP LaserJet CP1525nw
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8600
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: HP
Name: Officejet Pro 8600
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
==== System Restore Points ===================
.
RP165: 8/3/2012 1:34:15 PM - Norton_Power_Eraser_20120803133411922
.
==== Installed Programs ======================
.
.
µTorrent
32 Bit HP CIO Components Installer
8600_Help
8600_Readme
AC3Filter 1.63b
Adobe Acrobat X Standard - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcGIS 10.1 for Desktop
ArcGIS 10.1 License Manager
ATI Catalyst Install Manager
ATI Catalyst Registration
AuthenTec Fingerprint Sensor Minimum Install
Bastion
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
Bonjour
BPDSoftware
BPDSoftware_Ini
Broadcom 802.11 Wireless LAN Adapter
Broadcom NetXtreme Ethernet Controller
Brother MFL-Pro Suite MFC-9840CDW
BufferChm
Business-in-a-Box
C310
CA PC Tune-Up 3.0.0.2
calibre
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 4.1
Canon Speed Dial Utility
Canon Utilities Digital Photo Professional 3.10
Canon Utilities EOS Utility
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chinese Simplified Fonts Support For Adobe Reader X
CodecC
CutePDF Writer 2.8
DAEMON Tools Lite
DC Universe Online
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DH Mobility Modder.NET
Diablo III
DivX Setup
DNRGarmin
Download Accelerator Plus (DAP)
Driver Sweeper version 3.2.0
Dropbox
Dungeon Defenders
eReg
Fire Client v2.14
FirebirdSQL
Garmin MapSource
Garmin Trip and Waypoint Manager v5
Garmin USB Drivers
Geosoft Oasis montaj Viewer
Geosoft Plugin for ArcGIS
GeoView
Google Cloud Connect for Microsoft Office
Google Desktop
Google Drive
Google Earth
Google SketchUp 8
Google Talk Plugin
Google Update Helper
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Integrated Module with Bluetooth wireless technology 6.0.1.3100
HP LaserJet Professional CP1520 Series
HP MULTIPLE MODEM INSTALLER for VISTA
HP Officejet 7500 E910 Basic Device Software
HP Officejet 7500 E910 Help
HP Officejet Pro K8600
HP Photo Creations
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7
HP Quick Launch Buttons
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HP Wireless Assistant
HPAppStudio
HPDiagnosticCoreDll
HPLaserJetHelp_LearnCenter
HPLJUT
hppCP1520LaserJetService
HPPhotoGadget
hppLaserJetService
HPProductAssistant
hppTLBXFXCP1520
HPSSupply
hpzTLBXFX
IBM SPSS Statistics 19
Ida
iTunes
Java Auto Updater
Java(TM) 6 Update 30
K8600_Basic
League of Legends
Logitech SetPoint 6.32
Magic: The Gathering — Duels of the Planeswalkers 2012
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Default Manager
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (5.0)
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mumble 1.2.3
NDT 7.1.2
Neat
Neat ADF Scanner 2008 Driver
Neat ADF Scanner Driver
Neat Core Files
Neat Mobile Scanner (Silver) Driver
Neat Mobile Scanner 2008 Driver
Neat Mobile Scanner Driver
Network
Norton Internet Security
NVIDIA Drivers
OLYMPUS Master 2
Pando Media Booster
Picasa 3
PS_AIO_07_C310_SW_Min
Python 2.7.2
QLBCASL
QuickTime
QuickTransfer
RidNacs 2.0.3
Scan
Scan to PDF
ScanWiz
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Send To Neat
Shop for HP Supplies
Skins
Skype Click to Call
Skype™ 5.10
SmartWebPrinting
SolutionCenter
SoundMAX
Status
Steam
Surfer 10 (32-bit)
Synaptics Pointing Device Driver
Team Fortress 2
Terraria
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
Total Defense Internet Security Suite
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.1.11
WebReg
Winamp
Winamp Detector Plug-in
Windows Driver Package - Broadcom (b57nd60x) Net (05/10/2011 14.8.0.5)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - Intel USB (08/05/2009 9.1.1.1016)
Windows Live ID Sign-in Assistant
WinRAR 4.01 (32-bit)
World of Warcraft FREE Trial
.
==== Event Viewer Messages From Past Week ========
.
8/4/2012 9:58:13 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
8/4/2012 9:57:14 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 1 time(s).
8/4/2012 9:56:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x874237e8, 0x87423954, 0x83237df0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080412-30310-01.
8/4/2012 9:56:11 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/4/2012 9:56:10 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/3/2012 2:39:46 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
8/3/2012 2:38:04 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
8/3/2012 2:38:04 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
8/3/2012 2:27:08 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/3/2012 2:27:08 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/2/2012 7:02:40 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 88 time(s).
8/2/2012 7:02:28 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 87 time(s).
8/2/2012 7:02:17 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 86 time(s).
8/2/2012 7:02:05 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 85 time(s).
8/2/2012 7:01:53 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 84 time(s).
8/2/2012 7:01:42 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 83 time(s).
8/2/2012 7:01:30 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 82 time(s).
8/2/2012 7:01:18 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 81 time(s).
8/2/2012 7:01:07 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 80 time(s).
8/2/2012 7:00:55 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 79 time(s).
8/2/2012 7:00:44 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 78 time(s).
8/2/2012 7:00:32 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 77 time(s).
8/2/2012 7:00:20 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 76 time(s).
8/2/2012 7:00:09 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 75 time(s).
8/2/2012 7:00:07 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 74 time(s).
8/2/2012 6:00:09 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 73 time(s).
8/2/2012 5:00:09 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 72 time(s).
8/2/2012 4:00:14 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 71 time(s).
8/2/2012 3:00:09 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 70 time(s).
8/2/2012 2:00:06 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 69 time(s).
8/2/2012 12:02:01 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 67 time(s).
8/2/2012 12:01:43 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 66 time(s).
8/2/2012 12:01:31 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 65 time(s).
8/2/2012 12:01:19 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 64 time(s).
8/2/2012 12:01:05 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 63 time(s).
8/2/2012 12:00:53 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 62 time(s).
8/2/2012 12:00:41 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 61 time(s).
8/2/2012 12:00:29 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 60 time(s).
8/2/2012 12:00:18 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 59 time(s).
8/2/2012 12:00:06 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 58 time(s).
8/2/2012 12:00:04 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 57 time(s).
8/2/2012 11:00:06 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 56 time(s).
8/2/2012 10:00:08 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 55 time(s).
8/2/2012 1:00:06 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 68 time(s).
8/1/2012 9:45:01 PM, Error: Service Control Manager [7030] - The CA Common Scheduler Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/1/2012 9:13:41 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 20 time(s).
8/1/2012 7:32:38 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 19 time(s).
8/1/2012 10:00:08 PM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 21 time(s).
7/31/2012 12:59:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000ea (0x88eb8538, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073112-19936-01.
7/30/2012 8:24:44 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
7/30/2012 8:24:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x883657a0, 0x8836590c, 0x83263df0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-15147-01.
7/30/2012 8:04:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xa8685510, 0x94024e16, 0xc0000001, 0x00000003). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-19952-01.
7/29/2012 5:48:09 PM, Error: Service Control Manager [7030] - The CAISafe service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================
 
DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by Geoff at 22:01:55 on 2012-08-04
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1848 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Geoff\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.7.1.5\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll
TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\geoff\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\geoff\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{485C8E1E-D60C-4D24-9C13-8962D932E283} : DhcpNameServer = 209.121.225.11 209.91.107.11
TCP: Interfaces\{62FE6EA5-669C-4D98-B6C5-B1C5349FAC28} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{62FE6EA5-669C-4D98-B6C5-B1C5349FAC28}\15579637470234F6E6E656364796F6E6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{62FE6EA5-669C-4D98-B6C5-B1C5349FAC28}\3516E646D616E60215575637E656C6 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{62FE6EA5-669C-4D98-B6C5-B1C5349FAC28}\3516E646D616E60215575637E656C6D2373616E6E696E676 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{62FE6EA5-669C-4D98-B6C5-B1C5349FAC28}\4656661657C647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{62FE6EA5-669C-4D98-B6C5-B1C5349FAC28}\D696E696E67656870756274737 : DhcpNameServer = 10.2.10.13 10.2.15.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\progra~1\google\google~3\GO36F4~1.DLL
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\geoff\appdata\roaming\mozilla\firefox\profiles\2spvngjj.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.68\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\geoff\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\geoff\appdata\roaming\mozilla\firefox\profiles\2spvngjj.default\extensions\logmeinclient@logmein.com\plugins\npLMI64.dll
FF - plugin: c:\users\geoff\appdata\roaming\mozilla\firefox\profiles\2spvngjj.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\geoff\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\geoff\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1307010.005\symds.sys [2012-8-3 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1307010.005\symefa.sys [2012-8-3 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-11 821920]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys [2012-8-3 132744]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-26 242240]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120803.002\IDSvix86.sys [2012-8-3 382624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1307010.005\ironx86.sys [2012-8-3 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1307010.005\symnets.sys [2012-8-3 318584]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-4 655944]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.7.1.5\ccsvchst.exe [2012-8-3 138232]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2011-10-22 361000]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-3 106656]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-9-14 88192]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-9-1 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-9-1 12184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-4 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-10-25 145920]
S3 18687;18687;c:\windows\system32\drivers\18687 [2012-3-8 9072]
S3 28169;28169;c:\windows\system32\drivers\28169 [2012-7-29 9072]
S3 4284;4284;c:\windows\system32\drivers\4284 [2012-6-3 9072]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 ArcGIS License Manager;ArcGIS License Manager;c:\program files\arcgis\license10.1\bin\lmgrd.exe [2012-4-20 1408904]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-7-13 265088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSIb.sys [2009-7-13 11904]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-13 45736]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-10-2 227896]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebirdsql\bin\fbguard.exe [2009-7-22 81920]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebirdsql\bin\fbserver.exe [2009-7-22 2736128]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-12-6 30192]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-24 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-24 136176]
S3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2010-12-14 20504]
S3 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-10 113120]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\ca\PCPitstopScheduleService.exe [2011-7-13 90864]
S3 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-14 1343400]
S4 Agent;Agent;c:\windows\agent.exe [2012-5-25 155648]
.
=============== Created Last 30 ================
.
2012-08-04 23:45:08 -------- d-----w- c:\users\geoff\appdata\roaming\Malwarebytes
2012-08-04 23:44:47 -------- d-----w- c:\programdata\Malwarebytes
2012-08-04 23:44:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 23:44:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-04 03:57:24 905336 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symefa.sys
2012-08-04 03:57:24 340088 ----a-r- c:\windows\system32\drivers\nis\1307010.005\symds.sys
2012-08-04 03:57:24 32888 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtspx.sys
2012-08-04 03:57:24 318584 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symnets.sys
2012-08-04 03:57:23 574072 ----a-w- c:\windows\system32\drivers\nis\1307010.005\srtsp.sys
2012-08-04 03:57:23 149624 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ironx86.sys
2012-08-04 03:57:23 132744 ----a-w- c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys
2012-08-04 03:56:44 4782 ----a-w- c:\windows\system32\drivers\nis\1307010.005\symvtcer.dat
2012-08-04 03:56:44 -------- d-----w- c:\windows\system32\drivers\nis\1307010.005
2012-08-03 23:34:26 -------- d-----w- c:\program files\Diablo III
2012-08-03 21:17:10 -------- d-----w- c:\users\geoff\appdata\roaming\FixZeroAccess
2012-08-03 20:53:04 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-08-03 20:53:04 -------- d-----w- c:\program files\Symantec
2012-08-03 20:53:04 -------- d-----w- c:\program files\common files\Symantec Shared
2012-08-03 20:52:16 -------- d-----w- c:\windows\system32\drivers\NIS
2012-08-03 20:52:13 -------- d-----w- c:\program files\Norton Internet Security
2012-08-03 20:49:05 -------- d-----w- c:\programdata\NortonInstaller
2012-08-03 20:49:05 -------- d-----w- c:\program files\NortonInstaller
2012-08-03 20:13:37 -------- d-----w- c:\users\geoff\appdata\roaming\SPE
2012-08-03 20:04:35 -------- d-----w- c:\users\geoff\appdata\local\CrashDumps
2012-08-03 20:03:30 -------- d-----w- c:\users\geoff\appdata\local\NPE
2012-08-03 20:03:30 -------- d-----w- c:\programdata\Norton
2012-08-02 04:46:10 98320 ----a-w- c:\windows\system32\winsfinst.exe
2012-08-02 04:46:10 4108304 ----a-w- c:\windows\system32\win32cpr.dll
2012-08-02 04:46:10 2760720 ----a-w- c:\windows\system32\svcprs32.exe
2012-08-02 04:46:10 1744912 ----a-w- c:\windows\system32\winsflt.dll
2012-08-02 04:46:09 3207184 ----a-w- c:\windows\system32\mdmcls32.exe
2012-08-02 04:46:09 2990096 ----a-w- c:\windows\system32\winsflte.dll
2012-07-30 00:46:17 7440 ----a-w- c:\windows\system32\sporder.dll
2012-07-30 00:46:09 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2012-07-30 00:46:09 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2012-07-30 00:46:09 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2012-07-30 00:46:09 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2012-07-30 00:46:09 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2012-07-30 00:46:09 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2012-07-30 00:46:08 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-07-30 00:46:08 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2012-07-30 00:43:14 -------- d-----w- c:\program files\Total Defense
2012-07-30 00:00:06 -------- d-----w- c:\programdata\CA
2012-07-26 22:53:45 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-25 01:02:49 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-07-24 19:40:00 -------- d-----w- c:\program files\GUMA92A.tmp
2012-07-24 19:01:22 4024320 ----a-w- c:\program files\GUTF4C7.tmp
2012-07-24 19:01:22 4024320 ----a-w- c:\program files\GUTF3DD.tmp
2012-07-24 19:01:22 -------- d-----w- c:\program files\GUMF4C6.tmp
2012-07-24 19:01:22 -------- d-----w- c:\program files\GUMF3CC.tmp
2012-07-10 04:07:07 -------- d-----w- c:\programdata\FNP
.
==================== Find3M ====================
.
2012-08-02 21:57:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-02 21:57:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-30 00:43:20 9072 ----a-w- c:\windows\system32\drivers\28169
2012-06-03 19:50:24 9072 ----a-w- c:\windows\system32\drivers\4284
2012-06-03 19:27:09 0 ----a-w- c:\windows\ativpsrm.bin
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: ST95005620AS rev.SD24 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83019000]<< >>UNKNOWN [0x8BBAC000]<< >>UNKNOWN [0x8BC11000]<< >>UNKNOWN [0x8BC08000]<< >>UNKNOWN [0x8342B000]<< >>UNKNOWN [0x8B587000]<< >>UNKNOWN [0x8B52C000]<< >>UNKNOWN [0x8B5AA000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x8305055A] -> \Device\Harddisk0\DR0[0x8680F030]
\Driver\Disk[0x859CF098] -> IRP_MJ_CREATE -> 0x8BBB039F
3 [0x8BBB059E] -> ntkrnlpa!IofCallDriver[0x8305055A] -> [0x8680E6D8]
\Driver\hpdskflt[0x867BC1A0] -> IRP_MJ_CREATE -> 0x8BC09EB2
5 [0x8BC09F92] -> ntkrnlpa!IofCallDriver[0x8305055A] -> \Device\Ide\IdeDeviceP1T0L0-2[0x86716908]
\Driver\atapi[0x866F9DB8] -> IRP_MJ_CREATE -> 0x8B5A18CC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:03:13.64 ===============
 
To keep you fully updated on my computer status:

- Yesterday I had to manually restore "Base Filtering Engine" with regedit so that Norton could properly function
- Windows Defender is no longer working (I don't know when this started)
- Windows Update is no longer working (I don't know when this started)
- The first time I tried to boot this computer to give you the DDS logs, it bluescreened during startup and I had to use the system startup repair from my boot disc - it said it didn't find any issues, but my computer started up fine after that

I'll have to continue with you tomorrow, as I have to get to bed for work tomorrow.

Thanks for taking a look at it Broni!!
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 05-08-2012
Ran by SYSTEM at 05-08-2012 09:53:49
Running from F:\
Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1021224 2007-09-14] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2007-11-20] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2011-12-06] (Google)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288080 2009-07-17] (Microsoft Corporation)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Geoff\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
Winlogon\Notify\PFW:
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GO36F4~1.DLL
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Geoff\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

================================ Services (Whitelisted) ==================

4 Agent; C:\Windows\agent.exe [155648 2011-08-24] ()
3 ArcGIS License Manager; C:\Program Files\ArcGIS\License10.1\bin\lmgrd.exe [1408904 2012-04-20] (Flexera Software, Inc.)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 FirebirdGuardianDefaultInstance; "C:\Program Files\FirebirdSQL\bin\fbguard.exe" -s DefaultInstance [81920 2009-07-22] (Firebird Project)
3 FirebirdServerDefaultInstance; "C:\Program Files\FirebirdSQL\bin\fbserver.exe" -s DefaultInstance [2736128 2009-07-22] (Firebird Project)
3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [1044816 2012-06-19] (Flexera Software, Inc.)
3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2011-12-06] (Google)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 NIS; "C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
3 PCPitstop Scheduling; C:\Program Files\CA\PCPitstopScheduleService.exe [90864 2010-09-29] (PC Pitstop LLC)
3 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-07-05] (Skype Technologies S.A.)
3 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-07-13] (Skype Technologies)

========================== Drivers (Whitelisted) =============

3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146560 2007-08-28] (AuthenTec, Inc.)
1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [821920 2012-07-11] (Symantec Corporation)
1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1307010.005\ccSetx86.sys [132744 2011-11-29] (Symantec Corporation)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-07-26] (DT Soft Ltd)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-03] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-03] (Symantec Corporation)
3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57672 2011-07-14] (FTDI Ltd.)
3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
3 GTIPCI21; C:\Windows\System32\DRIVERS\gtipci21.sys [88192 2006-09-14] (Texas Instruments)
3 HBtnKey; C:\Windows\System32\DRIVERS\cpqbttn.sys [15544 2010-02-24] (Hewlett-Packard Company)
3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2010-12-14] (Hewlett Packard)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120803.002\IDSvix86.sys [382624 2012-08-02] (Symantec Corporation)
3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-01] (Logitech, Inc.)
3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-01] (Logitech, Inc.)
3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41888 2007-05-09] (Logitech Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120804.009\NAVENG.SYS [87928 2012-08-03] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120804.009\NAVEX15.SYS [1589752 2012-08-03] (Symantec Corporation)
3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.)
3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [14112 2007-05-09] (Logitech Inc.)
3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [1276832 2007-05-09] (Logitech Inc.)
1 SRTSP; C:\Windows\System32\Drivers\NIS\1307010.005\SRTSP.SYS [574072 2012-03-28] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NIS\1307010.005\SRTSPX.SYS [32888 2012-03-28] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NIS\1307010.005\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NIS\1307010.005\SYMEFA.SYS [905336 2012-03-28] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-08-03] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NIS\1307010.005\Ironx86.SYS [149624 2012-03-28] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NIS\1307010.005\SYMNETS.SYS [318584 2012-03-28] (Symantec Corporation)
3 18687; C:\Windows\System32\DRIVERS\18687 [x]
3 28169; C:\Windows\System32\DRIVERS\28169 [x]
3 4284; C:\Windows\System32\DRIVERS\4284 [x]
3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [x]
3 UIUSys; C:\Windows\System32\DRIVERS\UIUSYS.SYS [x]
3 XDva391; \??\C:\Windows\system32\XDva391.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-05 09:53 - 2012-08-05 09:53 - 00000000 ____D C:\FRST
2012-08-04 20:56 - 2012-08-04 20:56 - 00143648 ____A C:\Windows\Minidump\080412-30310-01.dmp
2012-08-04 19:46 - 2012-08-04 19:46 - 00000596 ____A C:\Users\Geoff\Desktop\GMER log 3.log
2012-08-04 19:45 - 2012-08-04 19:45 - 00036866 ____A C:\Users\Geoff\Desktop\GMER Log 2.log
2012-08-04 15:49 - 2012-08-04 15:50 - 00302592 ____A C:\Users\Geoff\Desktop\hdkj80hq.exe
2012-08-04 15:45 - 2012-08-04 15:45 - 00000000 ____D C:\Users\Geoff\AppData\Roaming\Malwarebytes
2012-08-04 15:44 - 2012-08-04 15:44 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-04 15:44 - 2012-08-04 15:44 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-04 15:44 - 2012-08-04 15:44 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-08-04 15:44 - 2012-07-03 12:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-04 15:43 - 2012-08-04 15:44 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Geoff\Desktop\mbam-setup-1.62.0.1300.exe
2012-08-04 15:10 - 2012-08-04 15:10 - 00001502 ____A C:\Users\Geoff\Desktop\ZeroAccess!inf Scan Info.txt
2012-08-03 15:34 - 2012-08-03 18:27 - 00000000 ____D C:\Program Files\Diablo III
2012-08-03 15:34 - 2012-08-03 15:36 - 00001147 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-08-03 15:27 - 2012-08-03 15:33 - 40048208 ____A (Blizzard Entertainment) C:\Users\Geoff\Downloads\Diablo-III-Setup-enUS.exe
2012-08-03 14:24 - 2012-08-03 14:24 - 00000000 ____D C:\Users\Geoff\Documents\Windows 7 32 bit
2012-08-03 14:08 - 2012-08-03 14:08 - 00187464 ____A (Webroot) C:\Users\Geoff\Desktop\KillZeroAccess.exe
2012-08-03 13:35 - 2012-08-03 13:35 - 00000000 ____D C:\Users\Geoff\Documents\BFE
2012-08-03 13:25 - 2012-08-03 14:00 - 01805736 ____A (Symantec Corporation) C:\Users\Geoff\Desktop\FixZeroAccess.exe
2012-08-03 13:17 - 2012-08-03 13:17 - 00000000 ____D C:\Users\Geoff\AppData\Roaming\FixZeroAccess
2012-08-03 12:53 - 2012-08-03 19:58 - 00000000 ____D C:\Program Files\Symantec
2012-08-03 12:53 - 2012-08-03 19:57 - 00141944 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2012-08-03 12:53 - 2012-08-03 19:57 - 00007468 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2012-08-03 12:53 - 2012-08-03 13:08 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-08-03 12:52 - 2012-08-04 10:17 - 00002414 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-08-03 12:52 - 2012-08-04 10:17 - 00000000 ____D C:\Windows\System32\Drivers\NIS
2012-08-03 12:52 - 2012-08-03 12:52 - 00000000 ____D C:\Program Files\Norton Internet Security
2012-08-03 12:21 - 2012-08-03 12:19 - 00021218 ____A C:\Windows\ntbtlog.txt.bak
2012-08-03 12:19 - 2012-08-03 12:19 - 02841104 ____A (Symantec Corporation) C:\Users\Geoff\Desktop\NPE.exe
2012-08-03 12:14 - 2012-08-03 12:15 - 14388739 ____A C:\Users\Geoff\AppData\Roaming\SMRBackup250.dat
2012-08-03 12:13 - 2012-08-03 12:13 - 00000000 ____D C:\Users\Geoff\AppData\Roaming\SPE
2012-08-03 12:07 - 2012-08-03 12:07 - 00000000 ____A C:\KmxAMRT.asc
2012-08-03 12:04 - 2012-08-03 15:33 - 00000000 ____D C:\Users\Geoff\AppData\Local\CrashDumps
2012-08-03 12:03 - 2012-08-03 13:15 - 00000000 ____D C:\Users\Geoff\AppData\Local\NPE
2012-08-03 12:03 - 2012-08-03 12:53 - 00000000 ____D C:\Users\All Users\Norton
2012-08-02 12:17 - 2012-08-02 12:26 - 00000000 ____D C:\Users\Geoff\Desktop\Securities
2012-08-02 09:30 - 2012-08-02 09:30 - 00001226 ____A C:\messages.xml
2012-08-01 20:46 - 2012-08-01 20:46 - 01744912 ____A () C:\Windows\System32\winsflt.dll
2012-08-01 20:46 - 2011-06-29 13:27 - 02760720 ____A () C:\Windows\System32\svcprs32.exe
2012-08-01 20:46 - 2011-06-29 13:23 - 00098320 ____A C:\Windows\System32\winsfinst.exe
2012-08-01 20:46 - 2011-06-29 13:22 - 04108304 ____A () C:\Windows\System32\win32cpr.dll
2012-08-01 20:46 - 2011-06-29 13:20 - 03207184 ____A () C:\Windows\System32\mdmcls32.exe
2012-08-01 20:46 - 2011-06-29 12:53 - 02990096 ____A (PureSight Technologies Ltd) C:\Windows\System32\winsflte.dll
2012-07-31 07:05 - 2012-07-31 11:59 - 00143696 ____A C:\Windows\Minidump\073112-19936-01.dmp
2012-07-30 19:24 - 2012-07-30 19:24 - 00143384 ____A C:\Windows\Minidump\073012-15147-01.dmp
2012-07-29 16:46 - 2012-07-29 16:46 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2012-07-29 16:46 - 2002-01-01 13:02 - 00007440 ____A (Microsoft Corporation) C:\Windows\System32\sporder.dll
2012-07-29 16:43 - 2012-07-29 16:43 - 00009072 ____A C:\Windows\System32\Drivers\28169
2012-07-29 16:43 - 2012-07-29 16:43 - 00000000 ____D C:\Program Files\Total Defense
2012-07-29 16:00 - 2012-08-03 13:04 - 00000000 ____D C:\Users\All Users\CA
2012-07-29 15:44 - 2012-07-29 15:47 - 41500564 ____A (Total Defense, Inc.) C:\Users\Geoff\Desktop\issdm_td_en.exe.part
2012-07-26 14:53 - 2012-07-26 14:53 - 00242240 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-07-26 07:28 - 2012-07-26 07:28 - 00000000 ____D C:\Users\Export\Source_Code
2012-07-26 07:28 - 2012-07-26 07:28 - 00000000 ____D C:\users\Export
2012-07-26 07:28 - 2011-02-01 11:07 - 00209608 ____A (Microsoft Corporation) C:\Users\Export\TABCTL32.OCX
2012-07-26 07:28 - 2010-05-25 09:14 - 00368640 ____A (City of Portland, Bureau of Planning) C:\Users\Export\ExporttoKML.dll
2012-07-26 07:28 - 2009-09-08 14:18 - 00001573 ____A C:\Users\Export\ExporttoKML_64bit.reg
2012-07-26 07:28 - 2008-06-02 10:13 - 00001178 ____A C:\Users\Export\ExporttoKML_INSTALL.bat
2012-07-26 07:28 - 2008-06-02 10:13 - 00000703 ____A C:\Users\Export\ExporttoKML_UNINSTALL.bat
2012-07-26 07:28 - 2006-02-22 15:45 - 00001498 ____A C:\Users\Export\ExporttoKML.reg
2012-07-24 17:02 - 2012-07-26 14:53 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2012-07-24 11:40 - 2012-07-24 11:40 - 00000000 ____D C:\Program Files\GUMA92A.tmp
2012-07-24 11:01 - 2012-07-24 11:01 - 04024320 ____A C:\Program Files\GUTF4C7.tmp
2012-07-24 11:01 - 2012-07-24 11:01 - 04024320 ____A C:\Program Files\GUTF3DD.tmp
2012-07-24 11:01 - 2012-07-24 11:01 - 00000000 ____D C:\Program Files\GUMF4C6.tmp
2012-07-24 11:01 - 2012-07-24 11:01 - 00000000 ____D C:\Program Files\GUMF3CC.tmp
2012-07-09 20:07 - 2012-07-09 20:07 - 00000000 ____D C:\Users\All Users\FNP
2012-07-09 20:05 - 2012-07-09 20:05 - 00000000 ____D C:\Users\Geoff\Documents\ArcGIS 10.1

============ 3 Months Modified Files ========================

2012-08-05 08:45 - 2011-08-24 11:33 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-05 08:33 - 2011-07-14 08:46 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-168794860-1045125424-4017413192-1000UA.job
2012-08-05 07:57 - 2012-04-12 13:16 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-05 07:14 - 2010-11-20 13:01 - 00777976 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-05 07:12 - 2009-07-13 20:34 - 00020528 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-05 07:12 - 2009-07-13 20:34 - 00020528 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-05 07:05 - 2011-08-24 11:33 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-05 07:05 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-05 07:05 - 2009-07-13 20:39 - 00061197 ____A C:\Windows\setupact.log
2012-08-04 20:56 - 2012-08-04 20:56 - 00143648 ____A C:\Windows\Minidump\080412-30310-01.dmp
2012-08-04 20:56 - 2011-07-23 22:35 - 317488458 ____A C:\Windows\MEMORY.DMP
2012-08-04 20:55 - 2010-11-20 13:48 - 00217804 ____A C:\Windows\PFRO.log
2012-08-04 19:46 - 2012-08-04 19:46 - 00000596 ____A C:\Users\Geoff\Desktop\GMER log 3.log
2012-08-04 19:45 - 2012-08-04 19:45 - 00036866 ____A C:\Users\Geoff\Desktop\GMER Log 2.log
2012-08-04 16:33 - 2011-07-14 08:46 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-168794860-1045125424-4017413192-1000Core.job
2012-08-04 15:50 - 2012-08-04 15:49 - 00302592 ____A C:\Users\Geoff\Desktop\hdkj80hq.exe
2012-08-04 15:44 - 2012-08-04 15:44 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-04 15:44 - 2012-08-04 15:43 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Geoff\Desktop\mbam-setup-1.62.0.1300.exe
2012-08-04 15:10 - 2012-08-04 15:10 - 00001502 ____A C:\Users\Geoff\Desktop\ZeroAccess!inf Scan Info.txt
2012-08-04 10:17 - 2012-08-03 12:52 - 00002414 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-08-03 19:57 - 2012-08-03 12:53 - 00141944 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2012-08-03 19:57 - 2012-08-03 12:53 - 00007468 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2012-08-03 15:36 - 2012-08-03 15:34 - 00001147 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-08-03 15:33 - 2012-08-03 15:27 - 40048208 ____A (Blizzard Entertainment) C:\Users\Geoff\Downloads\Diablo-III-Setup-enUS.exe
2012-08-03 14:08 - 2012-08-03 14:08 - 00187464 ____A (Webroot) C:\Users\Geoff\Desktop\KillZeroAccess.exe
2012-08-03 14:00 - 2012-08-03 13:25 - 01805736 ____A (Symantec Corporation) C:\Users\Geoff\Desktop\FixZeroAccess.exe
2012-08-03 13:29 - 2011-07-13 20:34 - 01139468 ____A C:\Windows\WindowsUpdate.log
2012-08-03 12:50 - 2011-07-14 09:13 - 00269596 ____A C:\Windows\System32\Drivers\KmxAgent.asc
2012-08-03 12:49 - 2011-07-13 19:05 - 00032949 ____A C:\Windows\System32\FDInstall.log
2012-08-03 12:19 - 2012-08-03 12:21 - 00021218 ____A C:\Windows\ntbtlog.txt.bak
2012-08-03 12:19 - 2012-08-03 12:19 - 02841104 ____A (Symantec Corporation) C:\Users\Geoff\Desktop\NPE.exe
2012-08-03 12:15 - 2012-08-03 12:14 - 14388739 ____A C:\Users\Geoff\AppData\Roaming\SMRBackup250.dat
2012-08-03 12:07 - 2012-08-03 12:07 - 00000000 ____A C:\KmxAMRT.asc
2012-08-02 13:57 - 2012-04-12 13:16 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-02 13:57 - 2011-07-13 18:06 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-02 09:30 - 2012-08-02 09:30 - 00001226 ____A C:\messages.xml
2012-08-02 07:28 - 2012-06-01 15:22 - 00002429 ___AC C:\Windows\System32\nrmtest.log.xml
2012-08-01 20:46 - 2012-08-01 20:46 - 01744912 ____A () C:\Windows\System32\winsflt.dll
2012-07-31 11:59 - 2012-07-31 07:05 - 00143696 ____A C:\Windows\Minidump\073112-19936-01.dmp
2012-07-30 19:24 - 2012-07-30 19:24 - 00143384 ____A C:\Windows\Minidump\073012-15147-01.dmp
2012-07-29 16:43 - 2012-07-29 16:43 - 00009072 ____A C:\Windows\System32\Drivers\28169
2012-07-29 15:47 - 2012-07-29 15:44 - 41500564 ____A (Total Defense, Inc.) C:\Users\Geoff\Desktop\issdm_td_en.exe.part
2012-07-26 14:53 - 2012-07-26 14:53 - 00242240 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-07-24 11:01 - 2012-07-24 11:01 - 04024320 ____A C:\Program Files\GUTF4C7.tmp
2012-07-24 11:01 - 2012-07-24 11:01 - 04024320 ____A C:\Program Files\GUTF3DD.tmp
2012-07-09 07:55 - 2012-06-25 16:48 - 00000079 ____A C:\Windows\omv.INI
2012-07-03 18:01 - 2011-12-09 13:56 - 00000468 ____A C:\Windows\BRWMARK.INI
2012-07-03 16:22 - 2012-01-18 17:56 - 00001999 ____A C:\Users\All Users\hpzinstall.log
2012-07-03 16:21 - 2012-07-03 16:18 - 00182871 ____A C:\Windows\hpwins11.dat
2012-07-03 16:19 - 2011-07-13 18:13 - 00012518 ____A C:\Windows\DPINST.LOG
2012-07-03 16:17 - 2012-07-03 16:12 - 96023464 ____A C:\Users\Geoff\Desktop\OJProK8600_Basic_13.exe
2012-07-03 15:43 - 2012-07-03 15:43 - 00065189 ____A C:\Users\Geoff\Desktop\Troubleshoot HP Installation Failure - Network.hta
2012-07-03 15:42 - 2012-07-03 15:42 - 00000057 ____A C:\Users\All Users\Ament.ini
2012-07-03 15:41 - 2012-07-03 15:41 - 00002176 ____A C:\Users\Public\Desktop\HP Officejet 7500 E910.lnk
2012-07-03 15:41 - 2012-07-03 15:41 - 00001868 ____A C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 7500 E910.lnk
2012-07-03 15:41 - 2012-07-03 15:41 - 00001159 ____A C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 7500 E910.lnk
2012-07-03 15:41 - 2012-07-03 15:41 - 00001154 ____A C:\Users\Public\Desktop\HP Officejet 7500 E910 Scan.lnk
2012-07-03 15:40 - 2012-07-03 15:38 - 43419000 ____A C:\Users\Geoff\Desktop\OJ7500_E910_Basic_x86_231.exe
2012-07-03 12:46 - 2012-08-04 15:44 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 10:45 - 2012-07-02 10:40 - 49756040 ____A (Blue Marble Geographics) C:\Users\Geoff\Desktop\global_mapper_setup.exe
2012-06-30 16:17 - 2012-06-30 16:17 - 00007909 ____A C:\Users\Geoff\Desktop\Data to fit.xlsx
2012-06-25 16:47 - 2012-06-25 16:47 - 00001258 ____A C:\Users\Public\Desktop\Oasis montaj Viewer.lnk
2012-06-25 16:01 - 2012-06-25 16:01 - 00002094 ____A C:\Users\Public\Desktop\Surfer 10 (32-bit).lnk
2012-06-20 20:37 - 2009-07-13 20:33 - 00488168 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-19 09:35 - 2011-07-13 18:12 - 00142296 ____A C:\Users\Geoff\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-19 08:12 - 2012-06-19 08:12 - 00000011 ___RA C:\Windows\amunres.lsl
2012-06-18 20:48 - 2012-06-18 20:48 - 00143576 ____A C:\Windows\Minidump\061812-21481-01.dmp
2012-06-15 13:34 - 2012-06-15 13:34 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-13 19:59 - 2012-06-13 19:59 - 00416448 ____A C:\Windows\Minidump\061312-15974-01.dmp
2012-06-13 19:58 - 2012-06-13 19:58 - 00000000 ____A C:\Windows\Minidump\061312-20529-01.dmp
2012-06-09 07:36 - 2012-06-09 07:36 - 00002014 ____A C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
2012-06-07 15:54 - 2012-06-03 10:44 - 00004530 ____A C:\Windows\pcsetup.log
2012-06-06 15:57 - 2012-06-06 15:57 - 00000000 ____A C:\Users\Geoff\Downloads\vlc-2.0.1-win32.exe
2012-06-06 15:48 - 2012-06-06 12:13 - 3889102848 ____A C:\Users\Geoff\Downloads\IbycusTopo32.iso
2012-06-06 13:27 - 2012-06-06 13:27 - 00143576 ____A C:\Windows\Minidump\060612-20467-01.dmp
2012-06-05 14:59 - 2012-06-05 14:59 - 00001250 ____A C:\Users\Public\Desktop\ZoomBrowser EX.lnk
2012-06-05 14:59 - 2012-06-05 14:59 - 00001067 ____A C:\Users\Public\Desktop\Picture Style Editor.lnk
2012-06-05 14:59 - 2012-06-05 14:59 - 00001037 ____A C:\Users\Public\Desktop\EOS Utility.lnk
2012-06-05 14:58 - 2012-06-05 14:58 - 00001102 ____A C:\Users\Public\Desktop\Digital Photo Professional.lnk
2012-06-04 15:15 - 2012-06-04 15:12 - 00000124 ____A C:\Users\Geoff\Desktop\BCeID - Mary Creek.txt
2012-06-03 13:06 - 2012-06-03 13:04 - 07001280 ____A C:\Users\Geoff\Desktop\Backup of Hunter Porcupine Gold.wbk
2012-06-03 12:10 - 2012-06-03 12:10 - 00000193 ____A C:\exception-failed.txt
2012-06-03 11:50 - 2012-06-03 11:50 - 00009072 ____A C:\Windows\System32\Drivers\4284
2012-06-03 11:47 - 2012-06-03 11:35 - 176671024 ____A (Total Defense, Inc.) C:\Users\Geoff\Downloads\issdm_td_en.exe
2012-06-03 11:27 - 2012-06-03 11:27 - 00000000 ____A C:\Windows\ativpsrm.bin
2012-06-03 11:13 - 2012-06-03 11:05 - 111652152 ____A (Hewlett Packard ) C:\Users\Geoff\Downloads\Legacy Video Driver (from hp).exe
2012-06-03 08:55 - 2012-06-03 08:49 - 45241264 ____A (Advanced Micro Devices, Inc.) C:\Users\Geoff\Desktop\8-12_vista32_dd_ccc_wdm_enu_72275 (hardware heaven).exe
2012-06-02 14:19 - 2012-06-18 14:05 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 14:05 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 14:05 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-18 14:05 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 14:05 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 14:05 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-18 14:05 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-18 14:05 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-18 14:05 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 16:48 - 2009-07-13 18:04 - 00000513 ____A C:\Windows\win.ini
2012-05-31 14:59 - 2012-05-31 14:59 - 00000121 ____A C:\Windows\System32\msiexec.log
2012-05-31 07:33 - 2011-11-28 14:48 - 00000763 ____A C:\Users\Geoff\AppData\Roaming\bibstats
2012-05-29 16:56 - 2012-05-29 16:56 - 00322248 ____A C:\Windows\Minidump\052912-22900-01.dmp
2012-05-25 12:57 - 2011-10-02 20:01 - 00000770 ____A C:\Users\Geoff\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-05-25 12:57 - 2011-10-02 19:54 - 00001352 ____A C:\Users\Geoff\AppData\Roaming\Rim.Desktop.Exception.log
2012-05-25 11:37 - 2012-05-25 11:35 - 00038088 ____A C:\P1005.log
2012-05-25 09:35 - 2012-05-25 09:35 - 00001814 ____A C:\Users\Public\Desktop\Neat.lnk
2012-05-25 09:25 - 2012-05-25 09:25 - 00000218 ____A C:\Windows\NeatWorksUninstall.LOG
2012-05-09 16:48 - 2012-05-09 16:48 - 00000484 ____A C:\Users\Geoff\Desktop\Resume Download of MapleStory.url


ZeroAccess:
C:\Windows\Installer\{51f2c320-465a-b82c-db4c-992d1544e03c}
C:\Windows\Installer\{51f2c320-465a-b82c-db4c-992d1544e03c}\@
C:\Windows\Installer\{51f2c320-465a-b82c-db4c-992d1544e03c}\L
C:\Windows\Installer\{51f2c320-465a-b82c-db4c-992d1544e03c}\U
C:\Windows\Installer\{51f2c320-465a-b82c-db4c-992d1544e03c}\U\00000001.@

ZeroAccess:
C:\Users\Geoff\AppData\Local\{51f2c320-465a-b82c-db4c-992d1544e03c}
C:\Users\Geoff\AppData\Local\{51f2c320-465a-b82c-db4c-992d1544e03c}\@
C:\Users\Geoff\AppData\Local\{51f2c320-465a-b82c-db4c-992d1544e03c}\L
C:\Users\Geoff\AppData\Local\{51f2c320-465a-b82c-db4c-992d1544e03c}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3071.43 MB
Available physical RAM: 2550.66 MB
Total Pagefile: 3069.71 MB
Available Pagefile: 2559.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.68 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:135.22 GB) NTFS
2 Drive e: (GSP1RMCPRFRER_EN_DVD) (CDROM) (Total:2.39 GB) (Free:0 GB) UDF
3 Drive f: () (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3848 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3847 MB 32 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 3847 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-29 16:26

======================= End Of Log ==========================
 
Farbar Recovery Scan Tool Version: 05-08-2012
Ran by SYSTEM at 2012-08-05 09:55:17
Running from F:\

================== Search: "service.exe" ===================

=== End Of Search ===
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012
Ran by SYSTEM at 2012-08-05 11:56:45 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
18687 service deleted successfully.
28169 service deleted successfully.
4284 service deleted successfully.
C:\Windows\Installer\{51f2c320-465a-b82c-db4c-992d1544e03c} moved successfully.
C:\Users\Geoff\AppData\Local\{51f2c320-465a-b82c-db4c-992d1544e03c} moved successfully.

==== End of Fixlog ====
 
ComboFix 12-08-05.02 - Geoff 08/05/2012 12:05:39.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1946 [GMT -7:00]
Running from: C:\Users\Geoff\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\install.exe
C:\Program Files\lol
C:\Program Files\lol\LeagueOfLegends\0x0409.ini
C:\Program Files\lol\LeagueOfLegends\data1.cab
C:\Program Files\lol\LeagueOfLegends\data1.hdr
C:\Program Files\lol\LeagueOfLegends\data2.cab
C:\Program Files\lol\LeagueOfLegends\ISSetup.dll
C:\Program Files\lol\LeagueOfLegends\layout.bin
C:\Program Files\lol\LeagueOfLegends\setup.exe
C:\Program Files\lol\LeagueOfLegends\setup.ini
C:\Program Files\lol\LeagueOfLegends\setup.inx
C:\Program Files\lol\LeagueOfLegends\setup.isn
C:\Users\Geoff\AppData\Local\assembly\tmp
C:\Users\Geoff\AppData\Local\assembly\tmp\2G4HICEB\__AssemblyInfo__.ini
C:\Users\Geoff\AppData\Local\assembly\tmp\2G4HICEB\Google.Connect.Plugin.DLL
C:\Users\Geoff\AppData\Local\assembly\tmp\3GQWI89E\__AssemblyInfo__.ini
C:\Users\Geoff\AppData\Local\assembly\tmp\3GQWI89E\Interop.Office.DLL
C:\Users\Geoff\AppData\Local\assembly\tmp\6Y9RUZCL\__AssemblyInfo__.ini
C:\Users\Geoff\AppData\Local\assembly\tmp\B03ICXZO\__AssemblyInfo__.ini
C:\Users\Geoff\AppData\Local\assembly\tmp\EIG7N6EQ\__AssemblyInfo__.ini
C:\Users\Geoff\AppData\Local\assembly\tmp\ZJD09CGK\__AssemblyInfo__.ini
C:\Users\Geoff\AppData\Local\Microsoft\Windows\Temporary Internet Files\{197DABC5-CECF-4467-8BF2-E91BCA98B8A3}.xps
C:\Users\Geoff\AppData\Roaming\.#
C:\Users\Geoff\videos\ac3filter_1_63b.exe
C:\Users\Geoff\videos\DivXInstaller.exe
C:\Users\Geoff\videos\GoogleEarthSetup.exe
C:\Users\Geoff\videos\vlc-1.1.11-win32.exe


((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))


2012-08-05 19:16:51 . 2012-08-05 19:16:51 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-08-05 17:53:32 . 2012-08-05 17:53:49 -------- d-----w- C:\FRST
2012-08-04 23:45:08 . 2012-08-04 23:45:08 -------- d-----w- C:\Users\Geoff\AppData\Roaming\Malwarebytes
2012-08-04 23:44:47 . 2012-08-04 23:44:47 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-04 23:44:46 . 2012-08-04 23:44:51 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-08-04 23:44:46 . 2012-07-03 20:46:44 22344 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-08-03 23:34:26 . 2012-08-04 02:27:23 -------- d-----w- C:\Program Files\Diablo III
2012-08-03 21:17:10 . 2012-08-03 21:17:10 -------- d-----w- C:\Users\Geoff\AppData\Roaming\FixZeroAccess
2012-08-03 20:53:04 . 2012-08-04 03:58:10 -------- d-----w- C:\Program Files\Symantec
2012-08-03 20:53:04 . 2012-08-04 03:57:55 141944 ----a-w- C:\Windows\system32\drivers\SYMEVENT.SYS
2012-08-03 20:53:04 . 2012-08-03 21:08:51 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-08-03 20:52:16 . 2012-08-04 18:17:20 -------- d-----w- C:\Windows\system32\drivers\NIS
2012-08-03 20:52:13 . 2012-08-03 20:52:16 -------- d-----w- C:\Program Files\Norton Internet Security
2012-08-03 20:49:05 . 2012-08-03 20:49:05 -------- d-----w- C:\Program Files\NortonInstaller
2012-08-03 20:13:37 . 2012-08-03 20:13:37 -------- d-----w- C:\Users\Geoff\AppData\Roaming\SPE
2012-08-03 20:04:35 . 2012-08-03 23:33:32 -------- d-----w- C:\Users\Geoff\AppData\Local\CrashDumps
2012-08-03 20:03:30 . 2012-08-03 21:15:25 -------- d-----w- C:\Users\Geoff\AppData\Local\NPE
2012-08-03 20:03:30 . 2012-08-03 20:53:13 -------- d-----w- C:\ProgramData\Norton
2012-08-02 04:46:10 . 2012-08-02 04:46:10 1744912 ----a-w- C:\Windows\system32\winsflt.dll
2012-08-02 04:46:10 . 2011-06-29 21:27:30 2760720 ----a-w- C:\Windows\system32\svcprs32.exe
2012-08-02 04:46:10 . 2011-06-29 21:23:34 98320 ----a-w- C:\Windows\system32\winsfinst.exe
2012-08-02 04:46:10 . 2011-06-29 21:22:18 4108304 ----a-w- C:\Windows\system32\win32cpr.dll
2012-08-02 04:46:09 . 2011-06-29 21:20:02 3207184 ----a-w- C:\Windows\system32\mdmcls32.exe
2012-08-02 04:46:09 . 2011-06-29 20:53:02 2990096 ----a-w- C:\Windows\system32\winsflte.dll
2012-07-30 00:46:17 . 2002-01-01 21:02:02 7440 ----a-w- C:\Windows\system32\sporder.dll
2012-07-30 00:46:08 . 2012-07-30 00:46:08 -------- d-----w- C:\Program Files\Common Files\InstallShield
2012-07-30 00:43:14 . 2012-07-30 00:43:14 -------- d-----w- C:\Program Files\Total Defense
2012-07-30 00:00:06 . 2012-08-03 21:04:22 -------- d-----w- C:\ProgramData\CA
2012-07-26 22:53:45 . 2012-07-26 22:53:45 242240 ----a-w- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-07-26 15:28:26 . 2012-07-26 15:28:26 -------- d-----w- C:\Users\Export
2012-07-25 01:02:49 . 2012-07-26 22:53:45 -------- d-----w- C:\Program Files\DAEMON Tools Lite
2012-07-24 19:40:00 . 2012-07-24 19:40:01 -------- d-----w- C:\Program Files\GUMA92A.tmp
2012-07-24 19:01:22 . 2012-07-24 19:01:22 4024320 ----a-w- C:\Program Files\GUTF4C7.tmp
2012-07-24 19:01:22 . 2012-07-24 19:01:22 4024320 ----a-w- C:\Program Files\GUTF3DD.tmp
2012-07-24 19:01:22 . 2012-07-24 19:01:22 -------- d-----w- C:\Program Files\GUMF4C6.tmp
2012-07-24 19:01:22 . 2012-07-24 19:01:22 -------- d-----w- C:\Program Files\GUMF3CC.tmp
2012-07-10 04:07:07 . 2012-07-10 04:07:07 -------- d-----w- C:\ProgramData\FNP
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-08-02 21:57:35 . 2012-04-12 21:16:51 426184 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-08-02 21:57:35 . 2011-07-14 02:06:49 70344 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-07-30 00:43:20 . 2012-07-30 00:43:20 9072 ----a-w- C:\Windows\system32\drivers\28169
2012-06-03 19:50:24 . 2012-06-03 19:50:24 9072 ----a-w- C:\Windows\system32\drivers\4284
2012-06-02 22:19:42 . 2012-06-18 22:05:03 171904 ----a-w- C:\Windows\system32\wuwebv.dll
2012-06-02 22:19:33 . 2012-06-18 22:05:38 53784 ----a-w- C:\Windows\system32\wuauclt.exe
2012-06-02 22:19:33 . 2012-06-18 22:05:38 45080 ----a-w- C:\Windows\system32\wups2.dll
2012-06-02 22:19:32 . 2012-06-18 22:05:24 35864 ----a-w- C:\Windows\system32\wups.dll
2012-06-02 22:19:23 . 2012-06-18 22:05:24 577048 ----a-w- C:\Windows\system32\wuapi.dll
2012-06-02 22:19:17 . 2012-06-18 22:05:38 1933848 ----a-w- C:\Windows\system32\wuaueng.dll
2012-06-02 22:12:32 . 2012-06-18 22:05:38 2422272 ----a-w- C:\Windows\system32\wucltux.dll
2012-06-02 22:12:20 . 2012-06-18 22:05:03 33792 ----a-w- C:\Windows\system32\wuapp.exe
2012-06-02 22:12:13 . 2012-06-18 22:05:24 88576 ----a-w- C:\Windows\system32\wudriver.dll
2012-08-02 14:56:24 . 2011-07-14 01:58:00 136672 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
2011-12-06 19:56:51 . 2011-12-06 19:56:52 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
14:34:47.0547 5752 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:34:48.0576 5752 ============================================================
14:34:48.0576 5752 Current date / time: 2012/08/05 14:34:48.0576
14:34:48.0576 5752 SystemInfo:
14:34:48.0576 5752
14:34:48.0576 5752 OS Version: 6.1.7601 ServicePack: 1.0
14:34:48.0576 5752 Product type: Workstation
14:34:48.0576 5752 ComputerName: OMNICRONPERSEI8
14:34:48.0576 5752 UserName: Geoff
14:34:48.0576 5752 Windows directory: C:\Windows
14:34:48.0576 5752 System windows directory: C:\Windows
14:34:48.0576 5752 Processor architecture: Intel x86
14:34:48.0576 5752 Number of processors: 2
14:34:48.0576 5752 Page size: 0x1000
14:34:48.0576 5752 Boot type: Normal boot
14:34:48.0576 5752 ============================================================
14:34:50.0245 5752 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
14:34:50.0245 5752 Drive \Device\Harddisk1\DR1 - Size: 0xF0800000 (3.76 Gb), SectorSize: 0x200, Cylinders: 0x1EA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:34:50.0245 5752 ============================================================
14:34:50.0245 5752 \Device\Harddisk0\DR0:
14:34:50.0245 5752 MBR partitions:
14:34:50.0245 5752 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:34:50.0245 5752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
14:34:50.0245 5752 \Device\Harddisk1\DR1:
14:34:50.0245 5752 MBR partitions:
14:34:50.0245 5752 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x40, BlocksNum 0x783FC0
14:34:50.0245 5752 ============================================================
14:34:50.0245 5752 C: <-> \Device\Harddisk0\DR0\Partition1
14:34:50.0245 5752 ============================================================
14:34:50.0245 5752 Initialize success
14:34:50.0245 5752 ============================================================
14:35:05.0003 5848 ============================================================
14:35:05.0003 5848 Scan started
14:35:05.0003 5848 Mode: Manual;
14:35:05.0003 5848 ============================================================
14:35:13.0677 5848 FirebirdGuardianDefaultInstance (b9963c336a2bf054520dc09ce7c81476) C:\Program Files\FirebirdSQL\bin\fbguard.exe
14:35:13.0677 5848 FirebirdGuardianDefaultInstance - ok
14:35:13.0864 5848 FirebirdServerDefaultInstance (db8ee43c90536a07d4ba481079ae214c) C:\Program Files\FirebirdSQL\bin\fbserver.exe
14:35:13.0911 5848 FirebirdServerDefaultInstance - ok
14:35:14.0082 5848 FLEXnet Licensing Service (acefeea621dca62efb7a7eea59f5e91b) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:35:14.0113 5848 FLEXnet Licensing Service - ok
14:35:14.0238 5848 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
14:35:14.0238 5848 flpydisk - ok
14:35:14.0301 5848 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
14:35:14.0301 5848 FltMgr - ok
14:35:14.0379 5848 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
14:35:14.0394 5848 FontCache - ok
14:35:14.0425 5848 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:35:14.0441 5848 FontCache3.0.0.0 - ok
14:35:14.0457 5848 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
14:35:14.0457 5848 FsDepends - ok
14:35:14.0472 5848 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
14:35:14.0472 5848 Fs_Rec - ok
14:35:14.0503 5848 FTDIBUS (7c17235845d5ae3fb33ead47b5881521) C:\Windows\system32\drivers\ftdibus.sys
14:35:14.0503 5848 FTDIBUS - ok
14:35:14.0550 5848 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
14:35:14.0550 5848 fvevol - ok
14:35:14.0581 5848 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
14:35:14.0581 5848 gagp30kx - ok
14:35:14.0597 5848 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:35:14.0597 5848 GEARAspiWDM - ok
14:35:14.0644 5848 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
14:35:14.0644 5848 GoogleDesktopManager-051210-111108 - ok
14:35:14.0722 5848 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
14:35:14.0737 5848 gpsvc - ok
14:35:14.0769 5848 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys
14:35:14.0769 5848 grmnusb - ok
14:35:14.0800 5848 GTIPCI21 (f3c9f09aa3eda29a1c841877e7e39158) C:\Windows\system32\DRIVERS\gtipci21.sys
14:35:14.0800 5848 GTIPCI21 - ok
14:35:14.0847 5848 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:35:14.0847 5848 gupdate - ok
14:35:14.0847 5848 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:35:14.0862 5848 gupdatem - ok
14:35:14.0925 5848 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:35:14.0925 5848 gusvc - ok
14:35:14.0940 5848 HBtnKey (c172f0d0329e46513b09e1fc60a27b9d) C:\Windows\system32\DRIVERS\cpqbttn.sys
14:35:14.0940 5848 HBtnKey - ok
14:35:14.0971 5848 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
14:35:14.0971 5848 hcw85cir - ok
14:35:15.0018 5848 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
14:35:15.0034 5848 HdAudAddService - ok
14:35:15.0065 5848 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:35:15.0081 5848 HDAudBus - ok
14:35:15.0096 5848 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
14:35:15.0096 5848 HidBatt - ok
14:35:15.0112 5848 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
14:35:15.0112 5848 HidBth - ok
14:35:15.0143 5848 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
14:35:15.0143 5848 HidIr - ok
14:35:15.0159 5848 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
14:35:15.0159 5848 hidserv - ok
14:35:15.0190 5848 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
14:35:15.0190 5848 HidUsb - ok
14:35:15.0221 5848 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
14:35:15.0221 5848 hkmsvc - ok
14:35:15.0252 5848 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
14:35:15.0268 5848 HomeGroupListener - ok
14:35:15.0299 5848 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
14:35:15.0299 5848 HomeGroupProvider - ok
14:35:15.0377 5848 HP LaserJet Service (d1e9cb573a9edf7be12e9c57f32e97f7) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
14:35:15.0377 5848 HP LaserJet Service - ok
14:35:15.0393 5848 hpdskflt (4ef10b866c62abbeaf7511cdd05a19be) C:\Windows\system32\DRIVERS\hpdskflt.sys
14:35:15.0393 5848 hpdskflt - ok
14:35:15.0439 5848 HPFXBULKLEDM (6f98a555acf3c1b68fcc1f50e0fd2091) C:\Windows\system32\drivers\hppcbulkio.sys
14:35:15.0439 5848 HPFXBULKLEDM - ok
14:35:15.0486 5848 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
14:35:15.0502 5848 hpqcxs08 - ok
14:35:15.0533 5848 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
14:35:15.0549 5848 hpqddsvc - ok
14:35:15.0564 5848 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
14:35:15.0564 5848 HpqKbFiltr - ok
14:35:15.0611 5848 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
14:35:15.0611 5848 hpqwmiex - ok
14:35:15.0642 5848 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
14:35:15.0642 5848 HpSAMD - ok
14:35:15.0705 5848 HPSLPSVC (a04f4ac48895774a2cf9d1c9eaaacef0) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
14:35:15.0736 5848 HPSLPSVC - ok
14:35:15.0751 5848 hpsrv (c0beb56ed79b59b7b33d0aa6c38a0ba6) C:\Windows\system32\Hpservice.exe
14:35:15.0751 5848 hpsrv - ok
14:35:15.0845 5848 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
14:35:15.0876 5848 HSF_DPV - ok
14:35:15.0907 5848 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
14:35:15.0907 5848 HSXHWAZL - ok
14:35:15.0985 5848 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
14:35:16.0001 5848 HTTP - ok
14:35:16.0017 5848 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
14:35:16.0017 5848 hwpolicy - ok
14:35:16.0048 5848 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
14:35:16.0063 5848 i8042prt - ok
14:35:16.0141 5848 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
14:35:16.0141 5848 iaStorV - ok
14:35:16.0235 5848 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:35:16.0251 5848 idsvc - ok
14:35:16.0375 5848 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120803.002\IDSvix86.sys
14:35:16.0391 5848 IDSVix86 - ok
14:35:16.0531 5848 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
14:35:16.0531 5848 iirsp - ok
14:35:16.0609 5848 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
14:35:16.0625 5848 IKEEXT - ok
14:35:16.0641 5848 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
14:35:16.0656 5848 intelide - ok
14:35:16.0672 5848 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
14:35:16.0687 5848 intelppm - ok
14:35:16.0703 5848 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
14:35:16.0703 5848 IPBusEnum - ok
14:35:16.0734 5848 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:35:16.0734 5848 IpFilterDriver - ok
14:35:16.0843 5848 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
14:35:16.0843 5848 iphlpsvc - ok
14:35:16.0875 5848 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
14:35:16.0875 5848 IPMIDRV - ok
14:35:16.0890 5848 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
14:35:16.0906 5848 IPNAT - ok
14:35:16.0984 5848 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
14:35:16.0999 5848 iPod Service - ok
14:35:17.0031 5848 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
14:35:17.0031 5848 IRENUM - ok
14:35:17.0046 5848 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
14:35:17.0062 5848 isapnp - ok
14:35:17.0093 5848 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
14:35:17.0093 5848 iScsiPrt - ok
14:35:17.0124 5848 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:35:17.0124 5848 kbdclass - ok
14:35:17.0140 5848 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
14:35:17.0155 5848 kbdhid - ok
14:35:17.0171 5848 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
14:35:17.0171 5848 KeyIso - ok
14:35:17.0187 5848 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
14:35:17.0202 5848 KSecDD - ok
14:35:17.0218 5848 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
14:35:17.0233 5848 KSecPkg - ok
14:35:17.0265 5848 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
14:35:17.0280 5848 KtmRm - ok
14:35:17.0311 5848 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
14:35:17.0327 5848 LanmanServer - ok
14:35:17.0343 5848 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
14:35:17.0358 5848 LanmanWorkstation - ok
14:35:17.0436 5848 LBTServ (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
14:35:17.0452 5848 LBTServ - ok
14:35:17.0499 5848 LEqdUsb (717e6714bca808f2a372e636aff3d15a) C:\Windows\system32\Drivers\LEqdUsb.Sys
14:35:17.0499 5848 LEqdUsb - ok
14:35:17.0514 5848 LHidEqd (2786f7b4003adff88ce28bc1800b5407) C:\Windows\system32\Drivers\LHidEqd.Sys
14:35:17.0514 5848 LHidEqd - ok
14:35:17.0530 5848 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\Windows\system32\DRIVERS\LHidFilt.Sys
14:35:17.0530 5848 LHidFilt - ok
14:35:17.0561 5848 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
14:35:17.0577 5848 lltdio - ok
14:35:17.0623 5848 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
14:35:17.0623 5848 lltdsvc - ok
14:35:17.0639 5848 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
14:35:17.0639 5848 lmhosts - ok
14:35:17.0655 5848 lmimirr - ok
14:35:17.0670 5848 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\Windows\system32\DRIVERS\LMouFilt.Sys
14:35:17.0686 5848 LMouFilt - ok
14:35:17.0733 5848 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
14:35:17.0733 5848 LSI_FC - ok
14:35:17.0748 5848 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
14:35:17.0764 5848 LSI_SAS - ok
14:35:17.0779 5848 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
14:35:17.0779 5848 LSI_SAS2 - ok
14:35:17.0811 5848 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
14:35:17.0811 5848 LSI_SCSI - ok
14:35:17.0826 5848 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
14:35:17.0842 5848 luafv - ok
14:35:17.0873 5848 LVUSBSta (9e9306063ecd8aa91b3fb76678d3cee2) C:\Windows\system32\drivers\LVUSBSta.sys
14:35:17.0873 5848 LVUSBSta - ok
14:35:17.0920 5848 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
14:35:17.0920 5848 MBAMProtector - ok
14:35:18.0029 5848 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:35:18.0045 5848 MBAMService - ok
14:35:18.0076 5848 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
14:35:18.0076 5848 Mcx2Svc - ok
14:35:18.0091 5848 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:35:18.0091 5848 mdmxsdk - ok
14:35:18.0107 5848 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
14:35:18.0123 5848 megasas - ok
14:35:18.0169 5848 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
14:35:18.0185 5848 MegaSR - ok
14:35:18.0201 5848 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
14:35:18.0201 5848 MMCSS - ok
14:35:18.0216 5848 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
14:35:18.0216 5848 Modem - ok
14:35:18.0232 5848 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
14:35:18.0247 5848 monitor - ok
14:35:18.0263 5848 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
14:35:18.0279 5848 mouclass - ok
14:35:18.0294 5848 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
14:35:18.0294 5848 mouhid - ok
14:35:18.0310 5848 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
14:35:18.0310 5848 mountmgr - ok
14:35:18.0357 5848 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:35:18.0372 5848 MozillaMaintenance - ok
14:35:18.0388 5848 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
14:35:18.0388 5848 mpio - ok
14:35:18.0419 5848 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
14:35:18.0419 5848 mpsdrv - ok
14:35:18.0544 5848 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
14:35:18.0559 5848 MpsSvc - ok
14:35:18.0575 5848 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
14:35:18.0575 5848 MRxDAV - ok
14:35:18.0622 5848 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:35:18.0622 5848 mrxsmb - ok
14:35:18.0684 5848 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:35:18.0684 5848 mrxsmb10 - ok
14:35:18.0715 5848 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:35:18.0715 5848 mrxsmb20 - ok
14:35:18.0731 5848 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
14:35:18.0731 5848 msahci - ok
14:35:18.0778 5848 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
14:35:18.0778 5848 msdsm - ok
14:35:18.0825 5848 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
14:35:18.0825 5848 MSDTC - ok
14:35:18.0871 5848 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
14:35:18.0871 5848 Msfs - ok
14:35:18.0887 5848 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
14:35:18.0887 5848 mshidkmdf - ok
14:35:18.0903 5848 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
14:35:18.0903 5848 msisadrv - ok
14:35:18.0918 5848 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
14:35:18.0934 5848 MSiSCSI - ok
14:35:18.0934 5848 msiserver - ok
14:35:18.0965 5848 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
14:35:18.0965 5848 MSKSSRV - ok
14:35:18.0981 5848 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
14:35:18.0996 5848 MSPCLOCK - ok
 
Sorry, my computer shut down for no reason in the middle of me posting the results, and then had trouble re-starting. Might be an overheating problem with this laptop though, and not virus related...

I'm going to run the program again and repost the results. Ignore the previous post (it found nothing anyways).
 
15:16:34.0445 4160 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:16:34.0523 4160 ============================================================
15:16:34.0523 4160 Current date / time: 2012/08/05 15:16:34.0523
15:16:34.0523 4160 SystemInfo:
15:16:34.0523 4160
15:16:34.0523 4160 OS Version: 6.1.7601 ServicePack: 1.0
15:16:34.0523 4160 Product type: Workstation
15:16:34.0523 4160 ComputerName: OMNICRONPERSEI8
15:16:34.0523 4160 UserName: Geoff
15:16:34.0523 4160 Windows directory: C:\Windows
15:16:34.0523 4160 System windows directory: C:\Windows
15:16:34.0523 4160 Processor architecture: Intel x86
15:16:34.0523 4160 Number of processors: 2
15:16:34.0523 4160 Page size: 0x1000
15:16:34.0523 4160 Boot type: Normal boot
15:16:34.0523 4160 ============================================================
15:16:36.0216 4160 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
15:16:36.0216 4160 ============================================================
15:16:36.0216 4160 \Device\Harddisk0\DR0:
15:16:36.0216 4160 MBR partitions:
15:16:36.0216 4160 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:16:36.0216 4160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
15:16:36.0216 4160 ============================================================
15:16:36.0232 4160 C: <-> \Device\Harddisk0\DR0\Partition1
15:16:36.0232 4160 ============================================================
15:16:36.0232 4160 Initialize success
15:16:36.0232 4160 ============================================================
15:16:38.0151 2652 ============================================================
15:16:38.0151 2652 Scan started
15:16:38.0151 2652 Mode: Manual;
15:16:38.0151 2652 ============================================================
15:16:43.0643 2652 EapHost - ok
15:16:43.0814 2652 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
15:16:43.0861 2652 ebdrv - ok
15:16:43.0939 2652 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:16:43.0955 2652 eeCtrl - ok
15:16:44.0064 2652 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
15:16:44.0064 2652 EFS - ok
15:16:44.0251 2652 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
15:16:44.0282 2652 ehRecvr - ok
15:16:44.0298 2652 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
15:16:44.0298 2652 ehSched - ok
15:16:44.0392 2652 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
15:16:44.0407 2652 elxstor - ok
15:16:44.0438 2652 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:16:44.0454 2652 EraserUtilRebootDrv - ok
15:16:44.0454 2652 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
15:16:44.0470 2652 ErrDev - ok
15:16:44.0516 2652 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
15:16:44.0516 2652 EventSystem - ok
15:16:44.0548 2652 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:16:44.0548 2652 exfat - ok
15:16:44.0594 2652 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:16:44.0610 2652 fastfat - ok
15:16:44.0641 2652 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
15:16:44.0672 2652 Fax - ok
15:16:44.0672 2652 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
15:16:44.0688 2652 fdc - ok
15:16:44.0688 2652 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
15:16:44.0688 2652 fdPHost - ok
15:16:44.0704 2652 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
15:16:44.0704 2652 FDResPub - ok
15:16:44.0719 2652 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:16:44.0719 2652 FileInfo - ok
15:16:44.0735 2652 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:16:44.0735 2652 Filetrace - ok
15:16:44.0782 2652 FirebirdGuardianDefaultInstance (b9963c336a2bf054520dc09ce7c81476) C:\Program Files\FirebirdSQL\bin\fbguard.exe
15:16:44.0797 2652 FirebirdGuardianDefaultInstance - ok
15:16:44.0938 2652 FirebirdServerDefaultInstance (db8ee43c90536a07d4ba481079ae214c) C:\Program Files\FirebirdSQL\bin\fbserver.exe
15:16:44.0984 2652 FirebirdServerDefaultInstance - ok
15:16:45.0156 2652 FLEXnet Licensing Service (acefeea621dca62efb7a7eea59f5e91b) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:16:45.0187 2652 FLEXnet Licensing Service - ok
15:16:45.0312 2652 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
15:16:45.0312 2652 flpydisk - ok
15:16:45.0343 2652 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:16:45.0343 2652 FltMgr - ok
15:16:45.0421 2652 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
15:16:45.0437 2652 FontCache - ok
15:16:45.0468 2652 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:16:45.0468 2652 FontCache3.0.0.0 - ok
15:16:45.0484 2652 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:16:45.0484 2652 FsDepends - ok
15:16:45.0499 2652 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
15:16:45.0499 2652 Fs_Rec - ok
15:16:45.0530 2652 FTDIBUS (7c17235845d5ae3fb33ead47b5881521) C:\Windows\system32\drivers\ftdibus.sys
15:16:45.0530 2652 FTDIBUS - ok
15:16:45.0577 2652 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
15:16:45.0577 2652 fvevol - ok
15:16:45.0593 2652 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
15:16:45.0608 2652 gagp30kx - ok
15:16:45.0624 2652 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:16:45.0624 2652 GEARAspiWDM - ok
15:16:45.0655 2652 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
15:16:45.0655 2652 GoogleDesktopManager-051210-111108 - ok
15:16:45.0718 2652 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
15:16:45.0733 2652 gpsvc - ok
15:16:45.0749 2652 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys
15:16:45.0764 2652 grmnusb - ok
15:16:45.0780 2652 GTIPCI21 (f3c9f09aa3eda29a1c841877e7e39158) C:\Windows\system32\DRIVERS\gtipci21.sys
15:16:45.0780 2652 GTIPCI21 - ok
15:16:45.0811 2652 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:16:45.0827 2652 gupdate - ok
15:16:45.0827 2652 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:16:45.0842 2652 gupdatem - ok
15:16:45.0858 2652 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:16:45.0874 2652 gusvc - ok
15:16:45.0889 2652 HBtnKey (c172f0d0329e46513b09e1fc60a27b9d) C:\Windows\system32\DRIVERS\cpqbttn.sys
15:16:45.0889 2652 HBtnKey - ok
15:16:45.0905 2652 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:16:45.0905 2652 hcw85cir - ok
15:16:45.0952 2652 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
15:16:45.0952 2652 HdAudAddService - ok
15:16:45.0983 2652 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:16:45.0983 2652 HDAudBus - ok
15:16:45.0998 2652 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
15:16:45.0998 2652 HidBatt - ok
15:16:46.0030 2652 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
15:16:46.0030 2652 HidBth - ok
15:16:46.0045 2652 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
15:16:46.0061 2652 HidIr - ok
15:16:46.0076 2652 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
15:16:46.0076 2652 hidserv - ok
15:16:46.0092 2652 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
15:16:46.0108 2652 HidUsb - ok
15:16:46.0123 2652 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
15:16:46.0123 2652 hkmsvc - ok
15:16:46.0154 2652 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
15:16:46.0170 2652 HomeGroupListener - ok
15:16:46.0186 2652 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
15:16:46.0201 2652 HomeGroupProvider - ok
15:16:46.0248 2652 HP LaserJet Service (d1e9cb573a9edf7be12e9c57f32e97f7) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
15:16:46.0248 2652 HP LaserJet Service - ok
15:16:46.0264 2652 hpdskflt (4ef10b866c62abbeaf7511cdd05a19be) C:\Windows\system32\DRIVERS\hpdskflt.sys
15:16:46.0264 2652 hpdskflt - ok
15:16:46.0279 2652 HPFXBULKLEDM (6f98a555acf3c1b68fcc1f50e0fd2091) C:\Windows\system32\drivers\hppcbulkio.sys
15:16:46.0279 2652 HPFXBULKLEDM - ok
15:16:46.0342 2652 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
15:16:46.0357 2652 hpqcxs08 - ok
15:16:46.0373 2652 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
15:16:46.0388 2652 hpqddsvc - ok
15:16:46.0404 2652 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
15:16:46.0420 2652 HpqKbFiltr - ok
15:16:46.0451 2652 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
15:16:46.0451 2652 hpqwmiex - ok
15:16:46.0482 2652 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
15:16:46.0482 2652 HpSAMD - ok
15:16:46.0560 2652 HPSLPSVC (a04f4ac48895774a2cf9d1c9eaaacef0) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
15:16:46.0591 2652 HPSLPSVC - ok
15:16:46.0607 2652 hpsrv (c0beb56ed79b59b7b33d0aa6c38a0ba6) C:\Windows\system32\Hpservice.exe
15:16:46.0607 2652 hpsrv - ok
15:16:46.0669 2652 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:16:46.0700 2652 HSF_DPV - ok
15:16:46.0747 2652 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:16:46.0763 2652 HSXHWAZL - ok
15:16:46.0934 2652 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
15:16:46.0966 2652 HTTP - ok
15:16:46.0981 2652 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
15:16:46.0981 2652 hwpolicy - ok
15:16:47.0012 2652 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
15:16:47.0012 2652 i8042prt - ok
15:16:47.0075 2652 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
15:16:47.0090 2652 iaStorV - ok
15:16:47.0153 2652 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:16:47.0184 2652 idsvc - ok
15:16:47.0309 2652 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120803.002\IDSvix86.sys
15:16:47.0309 2652 IDSVix86 - ok
15:16:47.0449 2652 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
15:16:47.0449 2652 iirsp - ok
15:16:47.0512 2652 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
15:16:47.0543 2652 IKEEXT - ok
15:16:47.0558 2652 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
15:16:47.0558 2652 intelide - ok
15:16:47.0590 2652 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:16:47.0590 2652 intelppm - ok
15:16:47.0605 2652 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
15:16:47.0605 2652 IPBusEnum - ok
15:16:47.0636 2652 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:16:47.0636 2652 IpFilterDriver - ok
15:16:47.0714 2652 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
15:16:47.0730 2652 iphlpsvc - ok
15:16:47.0746 2652 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
15:16:47.0746 2652 IPMIDRV - ok
15:16:47.0777 2652 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:16:47.0792 2652 IPNAT - ok
15:16:47.0855 2652 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
15:16:47.0886 2652 iPod Service - ok
15:16:47.0917 2652 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:16:47.0917 2652 IRENUM - ok
15:16:47.0933 2652 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
15:16:47.0933 2652 isapnp - ok
15:16:47.0980 2652 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
15:16:47.0980 2652 iScsiPrt - ok
15:16:48.0011 2652 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:16:48.0011 2652 kbdclass - ok
15:16:48.0026 2652 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
15:16:48.0026 2652 kbdhid - ok
15:16:48.0042 2652 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:16:48.0042 2652 KeyIso - ok
15:16:48.0073 2652 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
15:16:48.0073 2652 KSecDD - ok
15:16:48.0104 2652 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
15:16:48.0104 2652 KSecPkg - ok
15:16:48.0136 2652 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
15:16:48.0151 2652 KtmRm - ok
15:16:48.0182 2652 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
15:16:48.0182 2652 LanmanServer - ok
15:16:48.0214 2652 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
15:16:48.0214 2652 LanmanWorkstation - ok
15:16:48.0260 2652 LBTServ (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:16:48.0276 2652 LBTServ - ok
15:16:48.0323 2652 LEqdUsb (717e6714bca808f2a372e636aff3d15a) C:\Windows\system32\Drivers\LEqdUsb.Sys
15:16:48.0323 2652 LEqdUsb - ok
15:16:48.0338 2652 LHidEqd (2786f7b4003adff88ce28bc1800b5407) C:\Windows\system32\Drivers\LHidEqd.Sys
15:16:48.0338 2652 LHidEqd - ok
15:16:48.0354 2652 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:16:48.0354 2652 LHidFilt - ok
15:16:48.0385 2652 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:16:48.0385 2652 lltdio - ok
15:16:48.0416 2652 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
15:16:48.0432 2652 lltdsvc - ok
15:16:48.0448 2652 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
15:16:48.0448 2652 lmhosts - ok
15:16:48.0463 2652 lmimirr - ok
15:16:48.0479 2652 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:16:48.0479 2652 LMouFilt - ok
15:16:48.0510 2652 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
15:16:48.0510 2652 LSI_FC - ok
15:16:48.0541 2652 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
15:16:48.0557 2652 LSI_SAS - ok
15:16:48.0572 2652 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
15:16:48.0572 2652 LSI_SAS2 - ok
15:16:48.0604 2652 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
15:16:48.0604 2652 LSI_SCSI - ok
15:16:48.0619 2652 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:16:48.0635 2652 luafv - ok
15:16:48.0666 2652 LVUSBSta (9e9306063ecd8aa91b3fb76678d3cee2) C:\Windows\system32\drivers\LVUSBSta.sys
15:16:48.0666 2652 LVUSBSta - ok
15:16:48.0697 2652 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
15:16:48.0697 2652 MBAMProtector - ok
15:16:48.0806 2652 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:16:48.0822 2652 MBAMService - ok
15:16:48.0853 2652 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
15:16:48.0853 2652 Mcx2Svc - ok
15:16:48.0869 2652 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:16:48.0869 2652 mdmxsdk - ok
15:16:48.0884 2652 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
15:16:48.0884 2652 megasas - ok
15:16:48.0931 2652 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
15:16:48.0947 2652 MegaSR - ok
15:16:48.0962 2652 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
15:16:48.0962 2652 MMCSS - ok
15:16:48.0978 2652 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:16:48.0978 2652 Modem - ok
15:16:48.0994 2652 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:16:48.0994 2652 monitor - ok
15:16:49.0025 2652 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
15:16:49.0025 2652 mouclass - ok
15:16:49.0040 2652 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:16:49.0040 2652 mouhid - ok
15:16:49.0072 2652 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
15:16:49.0087 2652 mountmgr - ok
15:16:49.0118 2652 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:16:49.0118 2652 MozillaMaintenance - ok
15:16:49.0150 2652 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
15:16:49.0150 2652 mpio - ok
15:16:49.0165 2652 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
15:16:49.0181 2652 mpsdrv - ok
15:16:49.0290 2652 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
15:16:49.0306 2652 MpsSvc - ok
15:16:49.0321 2652 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
15:16:49.0337 2652 MRxDAV - ok
15:16:49.0352 2652 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:16:49.0368 2652 mrxsmb - ok
15:16:49.0399 2652 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:16:49.0415 2652 mrxsmb10 - ok
15:16:49.0430 2652 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:16:49.0430 2652 mrxsmb20 - ok
15:16:49.0462 2652 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
15:16:49.0477 2652 msahci - ok
15:16:49.0493 2652 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
15:16:49.0493 2652 msdsm - ok
15:16:49.0524 2652 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
15:16:49.0540 2652 MSDTC - ok
15:16:49.0555 2652 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
15:16:49.0555 2652 Msfs - ok
15:16:49.0571 2652 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
15:16:49.0571 2652 mshidkmdf - ok
15:16:49.0586 2652 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
15:16:49.0586 2652 msisadrv - ok
15:16:49.0618 2652 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
15:16:49.0618 2652 MSiSCSI - ok
15:16:49.0633 2652 msiserver - ok
15:16:49.0649 2652 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
15:16:49.0649 2652 MSKSSRV - ok
15:16:49.0664 2652 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:16:49.0664 2652 MSPCLOCK - ok
15:16:49.0680 2652 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:16:49.0680 2652 MSPQM - ok
15:16:49.0711 2652 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:16:49.0711 2652 MsRPC - ok
15:16:49.0727 2652 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
15:16:49.0727 2652 mssmbios - ok
15:16:49.0742 2652 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:16:49.0742 2652 MSTEE - ok
15:16:49.0758 2652 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
15:16:49.0758 2652 MTConfig - ok
15:16:49.0774 2652 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:16:49.0789 2652 Mup - ok
15:16:49.0820 2652 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
15:16:49.0836 2652 napagent - ok
15:16:49.0883 2652 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:16:49.0898 2652 NativeWifiP - ok
15:16:49.0961 2652 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120804.009\NAVENG.SYS
15:16:49.0961 2652 NAVENG - ok
15:16:50.0086 2652 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120804.009\NAVEX15.SYS
15:16:50.0086 2652 NAVEX15 - ok
15:16:50.0273 2652 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
15:16:50.0288 2652 NDIS - ok
15:16:50.0304 2652 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:16:50.0320 2652 NdisCap - ok
15:16:50.0335 2652 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:16:50.0335 2652 NdisTapi - ok
15:16:50.0366 2652 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
15:16:50.0366 2652 Ndisuio - ok
15:16:50.0382 2652 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
15:16:50.0398 2652 NdisWan - ok
15:16:50.0413 2652 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
15:16:50.0413 2652 NDProxy - ok
15:16:50.0429 2652 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
15:16:50.0429 2652 Net Driver HPZ12 - ok
15:16:50.0444 2652 Netaapl (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
15:16:50.0444 2652 Netaapl - ok
15:16:50.0460 2652 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:16:50.0460 2652 NetBIOS - ok
15:16:50.0507 2652 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
15:16:50.0507 2652 NetBT - ok
15:16:50.0522 2652 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:16:50.0522 2652 Netlogon - ok
15:16:50.0585 2652 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
15:16:50.0585 2652 Netman - ok
15:16:50.0663 2652 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:16:50.0678 2652 NetMsmqActivator - ok
15:16:50.0678 2652 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:16:50.0694 2652 NetPipeActivator - ok
15:16:50.0741 2652 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
15:16:50.0741 2652 netprofm - ok
15:16:50.0756 2652 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:16:50.0756 2652 NetTcpActivator - ok
15:16:50.0756 2652 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:16:50.0756 2652 NetTcpPortSharing - ok
15:16:50.0881 2652 NETw4v32 (38d720e0c8b0ecb9a019980265679798) C:\Windows\system32\DRIVERS\NETw4v32.sys
15:16:50.0928 2652 NETw4v32 - ok
15:16:51.0256 2652 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
15:16:51.0334 2652 netw5v32 - ok
15:16:51.0458 2652 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
15:16:51.0458 2652 nfrd960 - ok
15:16:51.0505 2652 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
15:16:51.0505 2652 NIS - ok
15:16:51.0552 2652 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
15:16:51.0552 2652 NlaSvc - ok
15:16:51.0568 2652 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:16:51.0568 2652 Npfs - ok
15:16:51.0583 2652 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
15:16:51.0583 2652 nsi - ok
15:16:51.0599 2652 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:16:51.0599 2652 nsiproxy - ok
15:16:51.0724 2652 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
15:16:51.0770 2652 Ntfs - ok
15:16:52.0051 2652 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:16:52.0051 2652 Null - ok
15:16:52.0082 2652 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
15:16:52.0082 2652 nvraid - ok
15:16:52.0114 2652 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
15:16:52.0114 2652 nvstor - ok
15:16:52.0145 2652 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
15:16:52.0145 2652 nv_agp - ok
15:16:52.0160 2652 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
15:16:52.0176 2652 ohci1394 - ok
15:16:52.0207 2652 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:16:52.0207 2652 ose - ok
15:16:52.0441 2652 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:16:52.0535 2652 osppsvc - ok
15:16:52.0660 2652 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:16:52.0675 2652 p2pimsvc - ok
15:16:52.0722 2652 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
15:16:52.0738 2652 p2psvc - ok
15:16:52.0784 2652 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:16:52.0784 2652 Parport - ok
15:16:52.0800 2652 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
15:16:52.0800 2652 partmgr - ok
15:16:52.0816 2652 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:16:52.0816 2652 Parvdm - ok
15:16:52.0847 2652 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
15:16:52.0847 2652 PcaSvc - ok
15:16:52.0878 2652 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
15:16:52.0894 2652 pci - ok
15:16:52.0894 2652 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
15:16:52.0909 2652 pciide - ok
15:16:52.0940 2652 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:16:52.0940 2652 pcmcia - ok
15:16:52.0972 2652 PCPitstop Scheduling (4afdda6adeb0df8a1aa0268ffb838649) C:\Program Files\CA\PCPitstopScheduleService.exe
15:16:52.0987 2652 PCPitstop Scheduling - ok
15:16:53.0003 2652 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:16:53.0003 2652 pcw - ok
15:16:53.0065 2652 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:16:53.0081 2652 PEAUTH - ok
15:16:53.0159 2652 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
15:16:53.0190 2652 PeerDistSvc - ok
15:16:53.0221 2652 pepifilter (d30eda6e1ab3c8c82f2ca085ab79040a) C:\Windows\system32\DRIVERS\lv302af.sys
15:16:53.0221 2652 pepifilter - ok
15:16:53.0440 2652 PID_PEPI (0da6c5e0c8da6cebe52daacfe7ae9de6) C:\Windows\system32\DRIVERS\LV302V32.SYS
15:16:53.0486 2652 PID_PEPI - ok
15:16:53.0908 2652 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
15:16:53.0954 2652 pla - ok
15:16:54.0095 2652 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
15:16:54.0110 2652 PlugPlay - ok
15:16:54.0142 2652 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
15:16:54.0142 2652 Pml Driver HPZ12 - ok
15:16:54.0173 2652 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
15:16:54.0173 2652 PNRPAutoReg - ok
15:16:54.0204 2652 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:16:54.0220 2652 PNRPsvc - ok
15:16:54.0266 2652 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
15:16:54.0266 2652 PolicyAgent - ok
15:16:54.0298 2652 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
15:16:54.0313 2652 Power - ok
15:16:54.0360 2652 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:16:54.0360 2652 PptpMiniport - ok
15:16:54.0376 2652 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
15:16:54.0376 2652 Processor - ok
15:16:54.0407 2652 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
15:16:54.0422 2652 ProfSvc - ok
15:16:54.0422 2652 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:16:54.0438 2652 ProtectedStorage - ok
15:16:54.0469 2652 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:16:54.0469 2652 Psched - ok
15:17:05.0342 2652 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:17:05.0467 2652 \Device\Harddisk0\DR0 - ok
15:17:05.0483 2652 Boot (0x1200) (0e34d51976ccc4908a0f629353d0f5b4) \Device\Harddisk0\DR0\Partition0
15:17:05.0483 2652 \Device\Harddisk0\DR0\Partition0 - ok
15:17:05.0483 2652 Boot (0x1200) (63e7792658fb5c87a4cd189ea5879184) \Device\Harddisk0\DR0\Partition1
15:17:05.0483 2652 \Device\Harddisk0\DR0\Partition1 - ok
15:17:05.0483 2652 ============================================================
15:17:05.0483 2652 Scan finished
15:17:05.0483 2652 ============================================================
15:17:05.0498 3024 Detected object count: 0
15:17:05.0498 3024 Actual detected object count: 0
 
Here it is:

ComboFix 12-08-05.02 - Geoff 08/05/2012 15:25:58.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1876 [GMT -7:00]
Running from: c:\users\Geoff\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\install.exe
c:\program files\lol\LeagueOfLegends\0x0409.ini
c:\program files\lol\LeagueOfLegends\data1.cab
c:\program files\lol\LeagueOfLegends\data1.hdr
c:\program files\lol\LeagueOfLegends\data2.cab
c:\program files\lol\LeagueOfLegends\ISSetup.dll
c:\program files\lol\LeagueOfLegends\layout.bin
c:\program files\lol\LeagueOfLegends\setup.exe
c:\program files\lol\LeagueOfLegends\setup.ini
c:\program files\lol\LeagueOfLegends\setup.inx
c:\program files\lol\LeagueOfLegends\setup.isn
c:\users\Geoff\AppData\Local\assembly\tmp\2G4HICEB\__AssemblyInfo__.ini
c:\users\Geoff\AppData\Local\assembly\tmp\2G4HICEB\Google.Connect.Plugin.DLL
c:\users\Geoff\AppData\Local\assembly\tmp\3GQWI89E\__AssemblyInfo__.ini
c:\users\Geoff\AppData\Local\assembly\tmp\3GQWI89E\Interop.Office.DLL
c:\users\Geoff\AppData\Local\assembly\tmp\6Y9RUZCL\__AssemblyInfo__.ini
c:\users\Geoff\AppData\Local\assembly\tmp\B03ICXZO\__AssemblyInfo__.ini
c:\users\Geoff\AppData\Local\assembly\tmp\EIG7N6EQ\__AssemblyInfo__.ini
c:\users\Geoff\AppData\Local\assembly\tmp\ZJD09CGK\__AssemblyInfo__.ini
c:\users\Geoff\AppData\Local\Microsoft\Windows\Temporary Internet Files\{197DABC5-CECF-4467-8BF2-E91BCA98B8A3}.xps
c:\users\Geoff\videos\ac3filter_1_63b.exe
c:\users\Geoff\videos\DivXInstaller.exe
c:\users\Geoff\videos\GoogleEarthSetup.exe
c:\users\Geoff\videos\vlc-1.1.11-win32.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 22:38 . 2012-08-05 22:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 17:53 . 2012-08-05 17:53 -------- d-----w- C:\FRST
2012-08-04 23:45 . 2012-08-04 23:45 -------- d-----w- c:\users\Geoff\AppData\Roaming\Malwarebytes
2012-08-04 23:44 . 2012-08-04 23:44 -------- d-----w- c:\programdata\Malwarebytes
2012-08-04 23:44 . 2012-08-04 23:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-04 23:44 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-03 23:34 . 2012-08-04 02:27 -------- d-----w- c:\program files\Diablo III
2012-08-03 21:17 . 2012-08-03 21:17 -------- d-----w- c:\users\Geoff\AppData\Roaming\FixZeroAccess
2012-08-03 20:53 . 2012-08-04 03:58 -------- d-----w- c:\program files\Symantec
2012-08-03 20:53 . 2012-08-04 03:57 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-08-03 20:53 . 2012-08-03 21:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-08-03 20:52 . 2012-08-04 18:17 -------- d-----w- c:\windows\system32\drivers\NIS
2012-08-03 20:52 . 2012-08-03 20:52 -------- d-----w- c:\program files\Norton Internet Security
2012-08-03 20:49 . 2012-08-03 20:49 -------- d-----w- c:\program files\NortonInstaller
2012-08-03 20:13 . 2012-08-03 20:13 -------- d-----w- c:\users\Geoff\AppData\Roaming\SPE
2012-08-03 20:04 . 2012-08-03 23:33 -------- d-----w- c:\users\Geoff\AppData\Local\CrashDumps
2012-08-03 20:03 . 2012-08-03 21:15 -------- d-----w- c:\users\Geoff\AppData\Local\NPE
2012-08-03 20:03 . 2012-08-03 20:53 -------- d-----w- c:\programdata\Norton
2012-08-02 04:46 . 2012-08-02 04:46 1744912 ----a-w- c:\windows\system32\winsflt.dll
2012-08-02 04:46 . 2011-06-29 21:27 2760720 ----a-w- c:\windows\system32\svcprs32.exe
2012-08-02 04:46 . 2011-06-29 21:23 98320 ----a-w- c:\windows\system32\winsfinst.exe
2012-08-02 04:46 . 2011-06-29 21:22 4108304 ----a-w- c:\windows\system32\win32cpr.dll
2012-08-02 04:46 . 2011-06-29 21:20 3207184 ----a-w- c:\windows\system32\mdmcls32.exe
2012-08-02 04:46 . 2011-06-29 20:53 2990096 ----a-w- c:\windows\system32\winsflte.dll
2012-07-30 00:46 . 2002-01-01 21:02 7440 ----a-w- c:\windows\system32\sporder.dll
2012-07-30 00:46 . 2012-07-30 00:46 -------- d-----w- c:\program files\Common Files\InstallShield
2012-07-30 00:43 . 2012-07-30 00:43 -------- d-----w- c:\program files\Total Defense
2012-07-30 00:00 . 2012-08-03 21:04 -------- d-----w- c:\programdata\CA
2012-07-26 22:53 . 2012-07-26 22:53 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-26 15:28 . 2012-07-26 15:28 -------- d-----w- c:\users\Export
2012-07-25 01:02 . 2012-07-26 22:53 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-07-24 19:40 . 2012-07-24 19:40 -------- d-----w- c:\program files\GUMA92A.tmp
2012-07-24 19:01 . 2012-07-24 19:01 4024320 ----a-w- c:\program files\GUTF4C7.tmp
2012-07-24 19:01 . 2012-07-24 19:01 4024320 ----a-w- c:\program files\GUTF3DD.tmp
2012-07-24 19:01 . 2012-07-24 19:01 -------- d-----w- c:\program files\GUMF4C6.tmp
2012-07-24 19:01 . 2012-07-24 19:01 -------- d-----w- c:\program files\GUMF3CC.tmp
2012-07-10 04:07 . 2012-07-10 04:07 -------- d-----w- c:\programdata\FNP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 21:57 . 2012-04-12 21:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 21:57 . 2011-07-14 02:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-30 00:43 . 2012-07-30 00:43 9072 ----a-w- c:\windows\system32\drivers\28169
2012-06-03 19:50 . 2012-06-03 19:50 9072 ----a-w- c:\windows\system32\drivers\4284
2012-06-02 22:19 . 2012-06-18 22:05 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-18 22:05 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-18 22:05 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-18 22:05 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-18 22:05 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-18 22:05 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-18 22:05 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-18 22:05 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-18 22:05 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-02 14:56 . 2011-07-14 01:58 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-12-06 19:56 . 2011-12-06 19:56 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Geoff\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Geoff\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Geoff\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 22:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 22:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 22:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 22:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-12-06 30192]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Geoff\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-04-04 05:53 815512 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-04-04 05:53 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-03-13 12:37 3331872 ----a-w- c:\users\Geoff\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 03:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BIBLauncher]
2011-03-15 22:02 901600 ----a-w- c:\program files\Business-in-a-Box\BIBLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-05-27 00:46 1159168 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-07-25 17:08 2569616 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 18:26 114688 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-17 15:19 3671872 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKAiO2StatusMonitor]
2011-03-25 07:03 2421760 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-14 16:46 136176 ----atw- c:\users\Geoff\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2012-07-20 22:17 12218904 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ida]
2011-09-01 22:43 27368 ----a-w- c:\program files\Ida\IdaLaunch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-11-16 17:27 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-26 00:42 54672 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 22:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 18:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-08-04 02:28 1353080 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 06:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolboxFX]
2010-10-25 21:40 58936 ----a-w- c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe
.
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 ArcGIS License Manager;ArcGIS License Manager;c:\program files\ArcGIS\License10.1\bin\lmgrd.exe [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\FirebirdSQL\bin\fbguard.exe [x]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\FirebirdSQL\bin\fbserver.exe [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [x]
R3 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\CA\PCPitstopScheduleService.exe [x]
R3 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
R4 Agent;Agent;c:\windows\agent.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307010.005\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307010.005\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307010.005\ccSetx86.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120803.002\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307010.005\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1307010.005\SYMNETS.SYS [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 93718449
*Deregistered* - 93718449
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 21:57]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-24 19:32]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-24 19:32]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-168794860-1045125424-4017413192-1000Core.job
- c:\users\Geoff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 16:46]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-168794860-1045125424-4017413192-1000UA.job
- c:\users\Geoff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 16:46]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
FF - ProfilePath - c:\users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\2spvngjj.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login
.
- - - - ORPHANS REMOVED - - - -
.
Notify-PFW - (no file)
MSConfigStartUp-ATICustomerCare - c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
HKLM_ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008
HKLM_ActiveSetup-Send To Neat - reg copy HKLM\Software\The Neat Company\Send To Neat HKCU\Software\The Neat Company\Send To Neat
AddRemove-eTrust Suite Personal - c:\program files\Total Defense\Internet Security Suite\caunst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2320)
c:\users\Geoff\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-08-05 15:41:48
ComboFix-quarantined-files.txt 2012-08-05 22:41
.
Pre-Run: 145,387,778,048 bytes free
Post-Run: 145,102,721,024 bytes free
.
- - End Of File - - 1E1A88D91CB7B654CD58F3E75E427583
 
Looks good :)

How is the computer doing?

=================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

====================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double-click the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.05.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Geoff :: OMNICRONPERSEI8 [administrator]

Protection: Enabled

8/5/2012 4:15:57 PM
mbam-log-2012-08-05 (16-15-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224371
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 