speedtennis
@comcast.net

[Trojan] Laptop Infected with Audio Advertisements

mbam-log-201···-32).txt (1,982 bytes): MBAM log
AdwCleaner[S1].txt (1,357 bytes): AdwCleaner log
OTL.Txt (77,688 bytes): OTL.txt
Extras.Txt (90,634 bytes): Extras.txt
checkup.txt (1,013 bytes): checkup.txt
esetlog.txt (224 bytes): ESET online scan log
mbam-log-201···-45).txt (2,064 bytes): MBAM log from 4/27/2013

PC Laptop became slow and overheats quickly. Windows Explorer stops working. Computer shuts down. Constant audio "popups" of random advertisements and strange audio commentary, one of them in French language.

In the Manage Add-ons screen I noticed "Adobe Systems Incorporated - Shockwave Flash Object" and I disabled this add-on.

I have followed all of the "Mandatory Steps" and completed all the scans including:

TFC - this seemed to finish but I had to force the close because even though it said completed, a green bar kept moving right and it would not exit.

Malwarebytes
AdwCleaner
OTL
Security Check
ESET Online Scan - this found two trojans

I am also attaching an MBAM log from 4/27/2013 (one day before I completed your FAQ steps). This log shows a trojan that was deleted.

Thank You!

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.28.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Brad :: BRAD-LAPTOP [administrator]

Protection: Enabled

4/28/2013 4:51:32 PM
mbam-log-2013-04-28 (16-51-32).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 609806
Time elapsed: 1 hour(s), 33 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

LoPhatPhuud to speedtennis

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Brad :: BRAD-LAPTOP [administrator]

Protection: Enabled

4/27/2013 3:30:45 AM
mbam-log-2013-04-27 (03-30-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 297410
Time elapsed: 17 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Brad\AppData\Local\Temp\E4C6.tmp (Trojan.Agent.KB) -> Quarantined and deleted successfully.

(end)

LoPhatPhuud to speedtennis

# AdwCleaner v2.300 - Logfile created 04/28/2013 at 18:33:44
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Brad - BRAD-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Brad\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files (x86)\FunWebProducts
Folder Deleted : C:\Program Files (x86)\xfin_portal
Folder Deleted : C:\Users\Brad\AppData\LocalLow\xfin_portal
Folder Deleted : C:\Users\Brad\AppData\Roaming\iWin

***** [Registry] *****

Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [1230 octets] - [28/04/2013 18:33:44]

########## EOF - C:\AdwCleaner[S1].txt - [1290 octets] ##########

LoPhatPhuud to speedtennis

OTL logfile created on: 4/28/2013 7:31:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brad\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 50.18% Memory free
5.49 Gb Paging File | 3.86 Gb Available in Paging File | 70.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.07 Gb Total Space | 124.27 Gb Free Space | 56.73% Space Free | Partition Type: NTFS
Drive D: | 13.52 Gb Total Space | 2.24 Gb Free Space | 16.60% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.72 Mb Free Space | 96.51% Space Free | Partition Type: FAT32

Computer Name: BRAD-LAPTOP | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/04/28 19:29:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:64bit: - [2009/08/04 22:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/21 19:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 20:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 15:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/25 08:35:28 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/03/12 16:14:16 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/21 19:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 15:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/05 20:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 20:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/06 22:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/06/02 22:42:42 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/05/21 19:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/03/29 00:28:38 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/29 00:28:25 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2012/03/29 00:06:25 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/25 21:17:48 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/04 23:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/21 19:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/04 23:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 19:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/09 08:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/10/18 07:04:53 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121017.019\ex64.sys -- (NAVEX15)
DRV - [2012/10/18 07:04:53 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121017.019\eng64.sys -- (NAVENG)
DRV - [2012/09/23 10:09:01 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121017.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/31 16:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120928.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{A2585EB8-99B8-40E8-9551-4540340726B3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{C8D9133C-1599-484B-9CAF-E34C5A85BCA2}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{A2585EB8-99B8-40E8-9551-4540340726B3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{C8D9133C-1599-484B-9CAF-E34C5A85BCA2}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ksl.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 8A AD 14 7B 90 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/CQNOT/1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{A2585EB8-99B8-40E8-9551-4540340726B3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{C8D9133C-1599-484B-9CAF-E34C5A85BCA2}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKCU\..\SearchScopes\{FB48B168-84BB-CCE3-D32D-94102F37C5B0}: "URL" = http://apl.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z079&partner_id=314&product_id=677&affiliate_id=&channel=6-08172011&toolbar_id=30&toolbar_version=5.0.0.0&install_country=US&install_date=20110818&user_guid=56354D9048EE468E88467FA249D4DF3C&machine_id=ef133a8d04e022c865027277449439a7&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Brad\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/30 22:08:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/12/13 20:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2012/12/13 20:22:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.34\coFFFw\

[2012/04/08 12:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2013/04/26 22:54:21 | 000,000,845 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ECADC12-EEED-47DD-8D26-116B098DC062}: DhcpNameServer = 40.5.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB8AE3E4-7CEA-4FA2-BBD3-A6D11F7F86E3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/04/28 19:29:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2013/04/28 16:44:03 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Brad\Desktop\TFC.exe
[2013/04/27 03:21:43 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\Malwarebytes
[2013/04/27 03:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/27 03:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/27 03:21:05 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/27 03:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/27 03:19:08 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Brad\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/27 02:50:00 | 020,327,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Brad\Desktop\Windows-KB890830-x64-V4.19.exe
[2013/04/27 02:47:10 | 019,622,496 | ---- | C] (Microsoft Corporation) -- C:\Users\Brad\Desktop\Windows-KB890830-V4.19.exe
[2013/04/27 01:54:51 | 070,490,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2013/04/11 03:02:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/11 03:02:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/11 03:01:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/11 03:01:58 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/11 03:01:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/11 03:01:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/11 03:01:58 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/11 03:01:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/11 03:01:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/11 03:01:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/11 03:01:57 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/11 03:01:57 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/11 03:01:55 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/11 03:01:55 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/11 03:01:55 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/10 16:17:48 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/04/10 16:17:48 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/04/10 16:17:48 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/04/10 16:17:48 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/04/10 16:17:48 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/04/10 16:17:47 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/04/10 16:17:39 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 16:17:38 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 16:17:38 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 16:17:37 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 16:17:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 16:17:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/04/28 19:35:03 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/28 19:35:03 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/28 19:31:56 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/28 19:31:56 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/28 19:31:56 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/28 19:29:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2013/04/28 19:25:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/28 18:38:40 | 2211,602,432 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/28 18:32:56 | 000,628,743 | ---- | M] () -- C:\Users\Brad\Desktop\adwcleaner.exe
[2013/04/28 18:19:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/28 16:44:03 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\TFC.exe
[2013/04/27 03:33:19 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrad.job
[2013/04/27 03:21:12 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/27 03:19:08 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Brad\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/27 02:50:25 | 020,327,024 | ---- | M] (Microsoft Corporation) -- C:\Users\Brad\Desktop\Windows-KB890830-x64-V4.19.exe
[2013/04/27 02:47:23 | 019,622,496 | ---- | M] (Microsoft Corporation) -- C:\Users\Brad\Desktop\Windows-KB890830-V4.19.exe
[2013/04/26 22:54:21 | 000,000,845 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/04/11 07:42:58 | 000,353,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/01 19:48:44 | 070,490,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/04/28 18:32:22 | 000,628,743 | ---- | C] () -- C:\Users\Brad\Desktop\adwcleaner.exe
[2013/04/27 03:21:12 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/11 09:45:28 | 000,000,140 | ---- | C] () -- C:\ProgramData\oxy_reg.dse
[2012/06/27 11:06:27 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2012/03/23 14:35:56 | 000,377,826 | ---- | C] () -- C:\Users\Brad\.DLMSave_back.xml
[2012/03/23 14:35:56 | 000,377,826 | ---- | C] () -- C:\Users\Brad\.DLMSave.xml
[2012/03/23 14:34:27 | 000,001,238 | ---- | C] () -- C:\Users\Brad\.Setting.ini
[2012/01/29 13:53:12 | 000,000,455 | ---- | C] () -- C:\Windows\Disney.ini
[2011/03/12 16:09:10 | 000,001,854 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\GhostObjGAFix.xml
[2011/02/02 00:28:02 | 000,001,950 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\wklnhst.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2013/04/27 00:28:18 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\.minecraft
[2011/06/17 16:02:59 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\2monkeys
[2011/06/11 18:52:59 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Archibald's Adventures
[2011/06/08 20:14:26 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\dingogames
[2012/04/10 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\DriverCure
[2013/03/26 09:42:54 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Dropbox
[2012/12/13 18:27:26 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\ID Vault
[2011/10/30 21:09:57 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Namco
[2013/01/05 19:25:34 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Origin
[2011/06/08 12:15:03 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\PlayFirst
[2012/04/10 16:16:43 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\SpeedyPC Software
[2012/12/27 15:00:01 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\SPORE
[2013/03/26 09:43:07 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Spotify
[2011/02/02 00:28:10 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Template
[2012/05/12 11:18:01 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\WildTangent

[color=#E56717]========== Purity Check ==========[/color]

LoPhatPhuud (MVM) to speedtennis

OTL Extras logfile created on: 4/28/2013 7:31:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brad\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 50.18% Memory free
5.49 Gb Paging File | 3.86 Gb Available in Paging File | 70.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.07 Gb Total Space | 124.27 Gb Free Space | 56.73% Space Free | Partition Type: NTFS
Drive D: | 13.52 Gb Total Space | 2.24 Gb Free Space | 16.60% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.72 Mb Free Space | 96.51% Space Free | Partition Type: FAT32

Computer Name: BRAD-LAPTOP | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{102F8C28-276C-4E79-82FE-E3D77227CBDC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1150D237-9CA1-4D20-94AB-EABA99E1FFC9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1910B48B-AFA1-4CFC-AA76-F57C91BF2652}" = lport=137 | protocol=17 | dir=in | app=system |
"{192EEFEA-22CB-4E8D-BE99-912DE67436BE}" = lport=445 | protocol=6 | dir=in | app=system |
"{2308FF9F-7582-4F9D-A1E1-111CE49C6761}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{260E03EA-3134-4B93-B6E3-1BD8DF195D26}" = rport=138 | protocol=17 | dir=out | app=system |
"{2686DA83-340D-44BA-9696-E4A21EF02D59}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2CA874DF-AD97-459B-8E51-8AA9D73D62AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{316F2F99-9460-4040-B84D-BEB2CB888DEE}" = rport=137 | protocol=17 | dir=out | app=system |
"{33A364E0-4CAB-45D8-A31C-92F3BBABE045}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{424182A6-F7A2-4B77-B4B6-CD9A68B60436}" = lport=139 | protocol=6 | dir=in | app=system |
"{4365731E-754D-4E3B-A367-278D76AC1D6F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{813FEF9A-74D2-4D14-A206-F9F557FDD7AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88F3E4E4-E16F-4752-AE6A-EAB43AFA5189}" = rport=445 | protocol=6 | dir=out | app=system |
"{8F8CFAE3-7E6E-43A4-B733-88BDD1BF2915}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{95BA040F-95C7-4FB0-83BE-2613B26E149B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A817FECD-82DF-496D-8A9E-3DC13BDA6197}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B338D8A5-8FFC-474C-B42D-B7178D8BB01E}" = rport=139 | protocol=6 | dir=out | app=system |
"{BA2DA058-FD21-49EE-9500-40EE7A2326D2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE53EC56-6CF8-4C95-B40D-50BAE1827ED1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C61E5FCE-352D-4751-9E58-39D918BBD550}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA07E9B2-0DFE-41EB-9EB6-1525BACC335E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ED3361B7-3AF5-4B00-BC32-50EDD3BEB51B}" = lport=138 | protocol=17 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{091A5DB2-FC74-4233-AE5A-BEB0DE49C807}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{126E5338-86F9-4247-BC24-031813EE87B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A10BA16-82C6-4B87-92F9-6F226B5E57D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1A47D16C-220C-4BE9-81FB-76087BA0C076}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21DEBC48-51E9-4EBE-8CB4-3A166F798E32}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2D99E626-F859-4703-9352-F7FCEB487360}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{369094F9-F715-46F4-97D8-1B9145F6E864}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3863BA09-0FCD-4A09-A5FF-7335B0A58C5F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3FFB22F8-F64D-41D6-9827-9FC2E9942DFE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{48D2E1FA-67C0-4EC2-AEF9-712586434F8E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C819DC4-CA5E-4693-B953-89C5D813354C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{4F9D6110-4554-4DE0-A54D-CAABA36F122E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5D9F4E49-6237-48F1-9C31-86DF372B8868}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{5E18CAA5-FCA1-4D31-93B4-67D63A9A3E45}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5F4D5738-1D46-4F61-A7E7-FCE79BA4038E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{676B7E55-13BE-4BC8-9926-3CAFAA782265}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7A832D8C-6FBE-4BBB-9381-5E779418E40C}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{7E18774D-A8D5-495A-AC5B-C64BB0287094}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{850F39F1-A080-441A-91FA-6019DEC6D79E}" = protocol=6 | dir=out | app=system |
"{8A98F43E-38F6-4245-BD18-5B8DE46CE872}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{973BC663-664C-41FD-8C58-D14ECD93A649}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{9D2A1757-E019-4AF6-96AB-9AB53BF1D353}" = protocol=6 | dir=in | app=c:\users\brad\appdata\roaming\dropbox\bin\dropbox.exe |
"{9E3DDD66-4BAF-417E-8EBA-554AEC7E796A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF8F2598-D139-4AAD-A2C5-61034C92794B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B851FC03-7FAA-4FC0-9B2A-7AC6B2C47C85}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B9270A52-75C4-48AD-920E-EA817A368F2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C9EF5BB2-8B94-4CDB-9A9B-351701F8F148}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DE156C0F-2E36-403F-84F3-6EFF7E45E12E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E42A22FF-B2A3-4C7B-B118-B00D53598C8E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4816A7F-2391-4F7F-82ED-B00881340C29}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EC6F6307-893E-46AE-9ACB-120E3DA617BE}" = protocol=17 | dir=in | app=c:\users\brad\appdata\roaming\dropbox\bin\dropbox.exe |
"{EE7B3AF4-AE1E-4B88-A4EB-450C33B7AC9D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F091803A-643C-4F26-A177-75EE965491AC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F5B49A6F-EBAE-4E78-A851-50263575C858}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{19622432-6181-413A-8E7C-3F258D3104C0}C:\users\carter\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\carter\appdata\local\akamai\netsession_win.exe |
"TCP Query User{390F610A-9719-4AF5-86CD-BE715E1576E3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{625FC3C0-34E7-457F-B282-33BFC1DC8B2A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{8FEE38D5-01EC-4B42-A700-EAC85035C00C}C:\users\brad\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\brad\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{9AC5E06E-9099-4DDF-A773-76C899986D4E}C:\users\carter\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\carter\appdata\local\akamai\netsession_win.exe |
"TCP Query User{C685C7F4-D8A4-457D-8D62-6EC3E9356147}C:\users\brad\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\brad\appdata\roaming\spotify\spotify.exe |
"UDP Query User{38ABA35B-B6CE-4A9B-9083-C053388DD4B5}C:\users\brad\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\brad\appdata\roaming\spotify\spotify.exe |
"UDP Query User{6279E5AA-C9A5-4B93-AFA4-0639B8DAC008}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{9F5DD717-49DB-4C15-9300-EC309547F52A}C:\users\carter\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\carter\appdata\local\akamai\netsession_win.exe |
"UDP Query User{DA837986-0767-4C3B-9B92-D10BE6E7967E}C:\users\brad\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\brad\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{ED7B4397-9FDA-4E1F-830D-EC44A2AFA214}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{F50E608C-1E1F-4E8B-9763-BB5E2A8A170B}C:\users\carter\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\carter\appdata\local\akamai\netsession_win.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416038FF}" = Java(TM) 6 Update 38 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E787AC54-0E56-A6DF-7BDB-AAC360813B6C}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07E49BC1-24FF-4D7A-AC74-727BE95801AF}" = LightScribe System Software
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216038FF}" = Java(TM) 6 Update 38
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light
"{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common
"{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish
"{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian
"{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech
"{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek
"{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian
"{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard
"{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F06365EC-061E-48C3-B761-E1816658D618}" = 3DVIA player 5.0.0.20
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Akamai" = Akamai NetSession Interface Service
"Arthur's Wilderness Rescue" = Arthur's Wilderness Rescue
"eMusic Download Manager 5.0.5" = eMusic Download Manager
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"N360" = Norton 360
"Origin" = Origin
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winnie the Pooh Toddler" = Disney's Winnie the Pooh Toddler
"WTA-027bf7a2-3e63-4613-81ca-0d3f999bc0c8" = Flip or Flop
"WTA-154b1637-cb92-442b-9b23-b5909af558a2" = Dam Beavers
"WTA-1cb68d75-5508-4948-bcab-11054748dde0" = World of Goo
"WTA-1d36b07e-20a2-4580-83ba-28236a268e8b" = Frogs vs. Storks
"WTA-2b4e9e2a-10a7-4306-aaaf-9a1896854295" = 1 Penguin 100 Cases
"WTA-35d41c78-4087-44d3-bb18-14a65158981e" = Banana Bugs (TM)
"WTA-394592f1-f12d-4a00-86a0-32bf5298ca43" = Eets
"WTA-3c370827-9643-4e62-843b-eb3450ab776c" = Crazy Machines 2
"WTA-41fd88f3-f8f4-440a-8336-1186763523d6" = Dynomite
"WTA-42c8610b-fde9-45cb-8e30-3948731d41d8" = Aaaaa! - A Reckless Disregard for Gravity
"WTA-47476a85-fa2c-4582-9d78-3b072bed5bda" = Chicken Invaders 4: Ultimate Omelette
"WTA-5af018ed-dce5-4404-84f1-766770f1a56a" = Plant Tycoon
"WTA-5e399671-6771-4ab5-a755-2c5eb419e675" = Super Granny
"WTA-664676e3-ba26-48f3-854a-055bb94903ce" = Tasty Planet: Back for Seconds
"WTA-73524e05-ba00-43fa-abc6-471e6c151b54" = Blasterball 2: Holidays
"WTA-7b11161d-5afb-4d5f-aa80-c139a6494311" = Balloon Blast
"WTA-89dcc604-f252-47c6-a374-de04ca6658a8" = Farm 2
"WTA-8b68deb0-b7a5-4170-b64f-7cf40fcce602" = Blasterball 2: Remix
"WTA-a2c54740-6088-4766-8983-b38e96caa82d" = Zuma's Revenge
"WTA-a4141e47-e1de-45e1-8014-ae86c2f4ee92" = Tasty Planet
"WTA-a9352ef5-77db-40b0-b85b-75304148deaa" = NagiQ
"WTA-af844151-0386-40da-8366-863f25be18be" = Crickler Crosswords
"WTA-c16aabe6-8c8c-4b77-a0be-dfc9545908d1" = Namco All-Stars: PAC-MAN
"WTA-ca13ca94-a1ea-45c8-938e-fec9e258a24d" = Archibald's Adventures
"WTA-d367e99c-7003-4786-b679-f489ea27ba6c" = Lemonade Tycoon 2
"WTA-d3e6a346-ea5c-49f7-902c-e1bee1e5a557" = Astroslugs
"WTA-d705d148-649a-47f7-b7d5-23e4d0697ac4" = Crazy Machines - The Inventor's Workshop
"WTA-edda0858-ffe6-4246-b0d9-ed540fb4edc0" = Super Yum Yum: Puzzle Adventures
"WTA-eedc5e11-3b55-4674-b167-f1ec6cea8be8" = Blasterball 3
"YTdetect" = Yahoo! Detect

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 4/26/2013 6:42:05 PM | Computer Name = Brad-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000094 Fault offset: 0x000000000001845b Faulting process id: 0x130 Faulting
application start time: 0x01ce42c185776c57 Faulting application path: C:\Windows\system32\svchost.exe
Faulting
module path: unknown Report Id: 844477d3-aec2-11e2-8f33-c80aa90f29ed

Error - 4/26/2013 7:51:42 PM | Computer Name = Brad-Laptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16476 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: bb8 Start
Time: 01ce42d8a6793e4c Termination Time: 5 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 4/26/2013 8:04:17 PM | Computer Name = Brad-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
stamp: 0x4eeb033f Exception code: 0xc0000005 Fault offset: 0x00000000000058a2 Faulting
process id: 0x128 Faulting application start time: 0x01ce42dab96871e1 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\msvcrt.dll
Report
Id: 00661f92-aece-11e2-963f-c217feac2e11

Error - 4/26/2013 8:08:32 PM | Computer Name = Brad-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000094 Fault offset: 0x000000000001845b Faulting process id: 0xbdc Faulting
application start time: 0x01ce42dac619a834 Faulting application path: C:\Windows\system32\svchost.exe
Faulting
module path: unknown Report Id: 97fa7941-aece-11e2-963f-c217feac2e11

Error - 4/26/2013 11:42:30 PM | Computer Name = Brad-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
stamp: 0x4eeb033f Exception code: 0xc0000005 Fault offset: 0x00000000000058a2 Faulting
process id: 0x130 Faulting application start time: 0x01ce42f931eb2c88 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\msvcrt.dll
Report
Id: 7c525cad-aeec-11e2-984a-c217feac2e11

Error - 4/27/2013 12:04:36 AM | Computer Name = Brad-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
stamp: 0x4eeb033f Exception code: 0xc0000005 Fault offset: 0x00000000000058a2 Faulting
process id: 0x140 Faulting application start time: 0x01ce42fc4b45af7d Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\msvcrt.dll
Report
Id: 92ad9a84-aeef-11e2-88f0-c217feac2e11

Error - 4/27/2013 2:22:55 AM | Computer Name = Brad-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0000000000016664 Faulting process id: 0x17c Faulting
application start time: 0x01ce430edfd8b805 Faulting application path: C:\Windows\system32\svchost.exe
Faulting
module path: unknown Report Id: e52040c4-af02-11e2-b082-c80aa90f29ed

Error - 4/27/2013 2:27:24 AM | Computer Name = Brad-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4 Faulting
process id: 0x10c0 Faulting application start time: 0x01ce430fcbdc5013 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 8599d5f3-af03-11e2-b082-c80aa90f29ed

Error - 4/27/2013 6:25:32 AM | Computer Name = Brad-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: MSHTML.dll, version: 9.0.8112.16476, time
stamp: 0x5127144f Exception code: 0xc0000005 Fault offset: 0x00000000003bda04 Faulting
process id: 0x128 Faulting application start time: 0x01ce4331361f939e Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: c9b57e37-af24-11e2-9cda-c217feac2e11

Error - 4/28/2013 6:48:33 PM | Computer Name = Brad-Laptop | Source = Application Hang | ID = 1002
Description = The program TFC.exe version 3.1.9.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 3bc Start Time:
01ce4461f4c44304 Termination Time: 20 Application Path: C:\Users\Brad\Desktop\TFC.exe

Report
Id:

Error - 4/28/2013 9:43:10 PM | Computer Name = Brad-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: MSHTML.dll, version: 9.0.8112.16476, time
stamp: 0x5127144f Exception code: 0xc0000005 Fault offset: 0x00000000003bda04 Faulting
process id: 0x178 Faulting application start time: 0x01ce4478803e273e Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: 2594b273-b06e-11e2-9a24-c80aa90f29ed

[ Hewlett-Packard Events ]
Error - 10/18/2012 11:19:19 AM | Computer Name = Brad-Laptop | Source = HPSF.exe | ID = 4000
Description =

Error - 10/18/2012 11:21:35 AM | Computer Name = Brad-Laptop | Source = HPSF.exe | ID = 4000
Description =

Error - 10/18/2012 11:22:27 AM | Computer Name = Brad-Laptop | Source = HPSF.exe | ID = 4000
Description =

Error - 10/18/2012 11:25:54 AM | Computer Name = Brad-Laptop | Source = HPSF.exe | ID = 4000
Description =

Error - 10/18/2012 12:34:17 PM | Computer Name = Brad-Laptop | Source = HPSF.exe | ID = 4000
Description =

Error - 10/20/2012 12:32:15 PM | Computer Name = Brad-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2812 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 10/27/2012 12:06:32 PM | Computer Name = Brad-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2812 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

Error - 11/3/2012 12:04:13 PM | Computer Name = Brad-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2812 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 11/10/2012 1:48:34 PM | Computer Name = Brad-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2812 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()

Error - 11/17/2012 1:14:36 PM | Computer Name = Brad-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2812 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

[ System Events ]
Error - 4/28/2013 9:46:37 PM | Computer Name = Brad-Laptop | Source = Service Control Manager | ID = 7031
Description = The System Event Notification Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 4/28/2013 9:46:37 PM | Computer Name = Brad-Laptop | Source = Service Control Manager | ID = 7031
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 4/28/2013 9:46:37 PM | Computer Name = Brad-Laptop | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 4/28/2013 9:46:37 PM | Computer Name = Brad-Laptop | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 4/28/2013 9:46:37 PM | Computer Name = Brad-Laptop | Source = Service Control Manager | ID = 7031
Description = The Windows Update service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 4/28/2013 9:47:37 PM | Computer Name = Brad-Laptop | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Server service, but this action
failed with the following error: %%1056

Error - 4/28/2013 9:48:40 PM | Computer Name = Brad-Laptop | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Computer Browser service,
but this action failed with the following error: %%1056

Error - 4/28/2013 9:48:40 PM | Computer Name = Brad-Laptop | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 4/28/2013 9:48:40 PM | Computer Name = Brad-Laptop | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Multimedia Class Scheduler
service, but this action failed with the following error: %%1056

Error - 4/28/2013 9:55:35 PM | Computer Name = Brad-Laptop | Source = bowser | ID = 8003
Description =

LoPhatPhuud to speedtennis
MVM

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Norton 360
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 38
[color=red]Java version out of Date![/color]
Adobe Reader 9 [color=red]Adobe Reader out of Date![/color]
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 8%
[u]````````````````````End of Log``````````````````````[/u]

LoPhatPhuud to speedtennis
MVM

C:\Users\Brad\AppData\LocalLow\E3E9.tmp a variant of Win64/Olmarik.AY trojan cleaned by deleting - quarantined
C:\Users\Brad\AppData\LocalLow\E3EA.tmp a variant of Win64/Olmarik.AY trojan cleaned by deleting - quarantined

LoPhatPhuud to speedtennis
MVM

Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications

speedtennis
@comcast.net

speedtennis

Anon

sarscan.log
9,019 bytes
sarscan.log
I downloaded the Sophos AntiRootkit, but when I double clicked I got this error message "The dependency service or group failed to start".

So I restarted my laptop. After Windows started up and I signed in, the audio ads started up again.

But I was able to run the Anti-root kit this time. And after about 5 minutes of scanning, the audio ads stopped; but they may start up again.

The scan finished after about 90 minutes. Attached is the log.

Thanks

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone


Sophos Anti-Rootkit Version 1.5.4 (c) 2009 Sophos Plc
Started logging on 4/29/2013 at 10:30:52 AM
User "Brad" on computer "BRAD-LAPTOP"
Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private.dll
Hidden: file C:\Users\Dallin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U7XQ7USL\05781;rv=1;&timestamp=1351433921303;eid1=2;ecn1=0;etm1=8;eid3=12;ecn3=0;etm3=8;eid4=13;ecn4=1;etm4=0;eid7=990977;ecn7=0;etm7=8;eid9=991003;ecn9=1;etm9=0;[1].gif
Hidden: file C:\Users\Brad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1CO8KMA0\4=52738474;kvc5=93737767;kvc11=1288748;kvc13=160x600;kvssw=160;kvssh=600;kvst=1366392945651;misc=1366392949701;kvc6=;kvc7=;kvc8=;kvc9=;kvc10=1;kvc12=;kvc14=[1].js
Hidden: file C:\Users\Brad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7SL1ZOXS\c4=53479777;kvc5=95041756;kvc11=791399;kvc13=160x600;kvssw=160;kvssh=600;kvst=1365097174698;misc=1365097178697;kvc6=;kvc7=;kvc8=;kvc9=;kvc10=1;kvc12=;kvc14=[1].js
Hidden: file C:\Users\Brad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1CO8KMA0\c4=53479777;kvc5=95041756;kvc11=791399;kvc13=160x600;kvssw=160;kvssh=600;kvst=1366740740045;misc=1366740744043;kvc6=;kvc7=;kvc8=;kvc9=;kvc10=1;kvc12=;kvc14=[1].js
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIEW6X59\ts=20130429123303%3Bui=bT6czubersqeRO-8cX1T1MvdrIkZjbWif5u3JDQE_g1c3saBPStpSaJRRgEeg4pyWHGDyAoKJyXVOh7xphpDbw%3Bdct=;ord=1367253183[1].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZGOVDTY\ts=20130429123230%3Bui=bT6czubersqeRO-8cX1T1MvdrIkZjbWif5u3JDQE_g2EBKNHIEXsxaq3QkBuM0X4gAXkomhpzHmiUgqS52k88A%3Bdct=;ord=1367253150[1].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIEW6X59\ts=20130429123234%3Bui=bT6czubersqeRO-8cX1T1BqcAhSVi9aQk3AjHnjsdexuZyb1BncQlNIiTr4-OUFNd1MW-XRZdAsrK gPA4jmBVA%3Bdct=;ord=1367253154[1].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIEW6X59\ts=20130429123303%3Bui=bT6czubersqeRO-8cX1T1MvdrIkZjbWif5u3JDQE_g1z4DoOpY_BvLC-6Jzi3KI6_BZmpCpW02lBcr8JP4O_Aw%3Bdct=;ord=1367253183[1].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1D6T2BMD\ts=20130429123310%3Bui=bT6czubersqeRO-8cX1T1MvdrIkZjbWif5u3JDQE_g1z4DoOpY_BvLC-6Jzi3KI6M3rOOL2bSj7HkHMRYT9z0A%3Bdct=;ord=1367253190[1].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZGOVDTY\ts=20130429123317%3Bui=bT6czubersqeRO-8cX1T1OJz3wjeETgvkYaCMARHJ_svV2Ix-EU1kdwpdQiNV-eGmODfC_ESrnOGbxAWEZCO6w%3Bdct=;ord=1367253197[1].htm
Hidden: file C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZA1JSLK\ts=20130429123354%3Bui=bT6czubersqeRO-8cX1T1MGliX9az6mruI6XA_p5KP8pRW0rndyOrUr6TZyUtc-Dhz7jytYZkeWTTaTrKPlMUw%3Bdct=;ord=1367253234[1].htm
Hidden: file C:\Users\Brad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1CO8KMA0\4917;grp=595387;grp=1843082;grp=4314930;grp=125930;sjt=5476;sjt=8901;sjt=3367;sjt=9706;sjt=8625;fos=101406;fos=101443;dcopt=ist;extra=null;s=0;ord=960223838[1].js
Hidden: file C:\Users\Dallin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G1QJ2DC0\41;ko=0;cid=50996587;rid=50966936;rv=1;&timestamp=1351434103079;eid1=2;ecn1=0;etm1=17;eid2=12;ecn2=0;etm2=17;eid3=13;ecn3=1;etm3=0;eid4=18;ecn4=1;etm4=0;[1].gif
Hidden: file C:\Users\Dallin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U7XQ7USL\05781;rv=1;&timestamp=1351433905605;eid1=2;ecn1=1;etm1=1;eid2=11;ecn2=1;etm2=0;eid3=12;ecn3=1;etm3=0;eid4=990976;ecn4=1;etm4=0;eid5=990977;ecn5=1;etm5=0;[1].gif
Hidden: file C:\Users\Carter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XMMCERJJ\UQdjy_wQbGA_aJxsOisXQa5fadWVru8hQDaxMxijU5wMLgnAq9KFlzLw0g2oL7cm0LpjZ1lReNMKZtsdE90lmEoeU4m3ve MeQzcJ2rf6j58MXiPj-Ruev2nX5Mm6y8_RNAk-rxG0CUjGmQ5AnpIjUw==[1].mp3
Hidden: file C:\Users\Dallin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G1QJ2DC0\ownloads;sz=300x250;tile=1;plat=pc;dc_dedup=1;kcr=us;kga=-1;kgg=-1;klg=en;kmyd=ad_creative_1;kr=F;kt=K;kw=pokemon+season+1+episode+3;ord=4880599736919951[1].htm
Hidden: file C:\Users\Dallin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9C8RPMBH\ownloads;sz=300x250;tile=1;plat=pc;dc_dedup=1;kcr=us;kga=-1;kgg=-1;klg=en;kmyd=ad_creative_1;kr=F;kt=K;kw=pokemon+episode+3+sypnosys;ord=3635836530616322[1].htm
Info: Starting disk scan of D: (NTFS).
Info: Starting disk scan of E: (FAT).
Stopped logging on 4/29/2013 at 12:03:02 PM

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

1 recommendation

LoPhatPhuud to speedtennis

MVM

to speedtennis
Thanks, the Sophos AntiRootkit program was inconclusive. Let's try MBAR.

Please download »www.malwarebytes.org/pro ··· ts/mbar/ and save it to your desktop.

* Be sure to print out and follow the instructions here:
»www.bleepingcomputer.com ··· rootkit/

* Caution: This is a beta version, so also read the disclaimer and back up all your data before using.
* When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
* Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
* If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
* Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
* Copy and paste the contents of these two log files in your next reply.

speedtennis
@comcast.net

speedtennis

Anon

system-log.txt
52,478 bytes
system-log.txt
mbar-log-201···-18).txt
2,332 bytes
1st mbar log
mbar-log-201···-54).txt
1,876 bytes
2nd mbar log
I successfully ran the Malwarebytes Anti-Rootkit.

Attached are the logs. The first scan cleaned two malware files. The second scan came up clean: "No malware found!"

Also... I have noticed when I open "My Computer" in Windows Explorer, sometimes a green bar loads across the menu bar on top. It's happened a few times over the last couple of days while I've had this malware or trojan... this is not normal behavior.

Thank you LoPhat!

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone

lilhurricane

Numquam oblita

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_38

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 2948804608, free: 1042628608

------------ Kernel report ------------
04/29/2013 20:48:31
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\isapnp.sys
\SystemRoot\system32\drivers\mpio.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\aliide.sys
\SystemRoot\system32\drivers\amdide.sys
\SystemRoot\system32\drivers\cmdide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\msdsm.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\viaide.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\lsi_sas.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\HpSAMD.sys
\SystemRoot\system32\DRIVERS\adp94xx.sys
\SystemRoot\system32\DRIVERS\adpahci.sys
\SystemRoot\system32\DRIVERS\adpu320.sys
\SystemRoot\system32\drivers\amdsata.sys
\SystemRoot\system32\DRIVERS\amdsbs.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\DRIVERS\arc.sys
\SystemRoot\system32\DRIVERS\arcsas.sys
\SystemRoot\system32\DRIVERS\elxstor.sys
\SystemRoot\system32\DRIVERS\iirsp.sys
\SystemRoot\system32\DRIVERS\lsi_fc.sys
\SystemRoot\system32\DRIVERS\lsi_sas2.sys
\SystemRoot\system32\DRIVERS\lsi_scsi.sys
\SystemRoot\system32\DRIVERS\megasas.sys
\SystemRoot\system32\DRIVERS\MegaSR.sys
\SystemRoot\system32\DRIVERS\nfrd960.sys
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\DRIVERS\ql2300.sys
\SystemRoot\system32\DRIVERS\ql40xx.sys
\SystemRoot\system32\DRIVERS\SiSRaid2.sys
\SystemRoot\system32\DRIVERS\sisraid4.sys
\SystemRoot\system32\DRIVERS\stexstor.sys
\SystemRoot\system32\DRIVERS\vsmraid.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\0604000.009\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\drivers\sbp2port.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121017.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\agrsm64.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\Wldap32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imagehlp.dll
\Windows\System32\advapi32.dll
\Windows\System32\ole32.dll
\Windows\System32\urlmon.dll
\Windows\System32\user32.dll
\Windows\System32\difxapi.dll
\Windows\System32\wininet.dll
\Windows\System32\shell32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\comdlg32.dll
\Windows\System32\iertutil.dll
\Windows\System32\gdi32.dll
\Windows\System32\imm32.dll
\Windows\System32\psapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\msctf.dll
\Windows\System32\ws2_32.dll
\Windows\System32\nsi.dll
\Windows\System32\lpk.dll
\Windows\System32\oleaut32.dll
\Windows\System32\normaliz.dll
\Windows\System32\msvcrt.dll
\Windows\System32\shlwapi.dll
\Windows\System32\sechost.dll
\Windows\System32\setupapi.dll
\Windows\System32\usp10.dll
----------- End -----------
>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8003136060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80030d9680
Lower Device Driver Name: \00000351\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.04.29.09
Downloaded database version: v2013.04.25.01
Initializing...
Done!
>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8003136060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003136b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003136060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80030d9680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \00000351\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00d4ddd10, 0xfffffa8003136060, 0xfffffa8002850790
Lower DeviceData: 0xfffff8a00c6c5f30, 0xfffffa80030d9680, 0xfffffa80052445e0
>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
>>
Device number: 0, partition: 2
>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
MBR buffers are not equal
MBR is forged! [0c09dbfb6e001608950df0db533ee0d1]
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E48393F7

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600 Numsec = 459413504

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 459823104 Numsec = 28360704

Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 488183808 Numsec = 211312

Replacement MBR for a drive 0 found
MBR infection found on drive 0
Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
>>
Device number: 0, partition: 2
>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_38

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 2948804608, free: 1816059904

Removal queue found; removal started
Removal finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_38

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 2948804608, free: 1902755840

------------ Kernel report ------------
04/29/2013 21:11:56
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\isapnp.sys
\SystemRoot\system32\drivers\mpio.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\aliide.sys
\SystemRoot\system32\drivers\amdide.sys
\SystemRoot\system32\drivers\cmdide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\msdsm.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\viaide.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\lsi_sas.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\HpSAMD.sys
\SystemRoot\system32\DRIVERS\adp94xx.sys
\SystemRoot\system32\DRIVERS\adpahci.sys
\SystemRoot\system32\DRIVERS\adpu320.sys
\SystemRoot\system32\drivers\amdsata.sys
\SystemRoot\system32\DRIVERS\amdsbs.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\DRIVERS\arc.sys
\SystemRoot\system32\DRIVERS\arcsas.sys
\SystemRoot\system32\DRIVERS\elxstor.sys
\SystemRoot\system32\DRIVERS\iirsp.sys
\SystemRoot\system32\DRIVERS\lsi_fc.sys
\SystemRoot\system32\DRIVERS\lsi_sas2.sys
\SystemRoot\system32\DRIVERS\lsi_scsi.sys
\SystemRoot\system32\DRIVERS\megasas.sys
\SystemRoot\system32\DRIVERS\MegaSR.sys
\SystemRoot\system32\DRIVERS\nfrd960.sys
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\DRIVERS\ql2300.sys
\SystemRoot\system32\DRIVERS\ql40xx.sys
\SystemRoot\system32\DRIVERS\SiSRaid2.sys
\SystemRoot\system32\DRIVERS\sisraid4.sys
\SystemRoot\system32\DRIVERS\stexstor.sys
\SystemRoot\system32\DRIVERS\vsmraid.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\0604000.009\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\drivers\sbp2port.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121017.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\agrsm64.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\Wldap32.dll
\Windows\System32\shell32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\oleaut32.dll
\Windows\System32\psapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\wininet.dll
\Windows\System32\gdi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\advapi32.dll
\Windows\System32\ole32.dll
\Windows\System32\lpk.dll
\Windows\System32\difxapi.dll
\Windows\System32\imm32.dll
\Windows\System32\kernel32.dll
\Windows\System32\msctf.dll
\Windows\System32\setupapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\normaliz.dll
\Windows\System32\usp10.dll
\Windows\System32\comdlg32.dll
\Windows\System32\urlmon.dll
\Windows\System32\sechost.dll
\Windows\System32\user32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\nsi.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8003134060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80030d8060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Initializing...
Done!
>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8003134060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003134b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003134060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80030d8060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a002d69fe0, 0xfffffa8003134060, 0xfffffa800232c790
Lower DeviceData: 0xfffff8a00d34c7a0, 0xfffffa80030d8060, 0xfffffa8005218090
>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
>>
Device number: 0, partition: 2
>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E48393F7

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600 Numsec = 459413504

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 459823104 Numsec = 28360704

Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 488183808 Numsec = 211312

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
lilhurricane

lilhurricane

Numquam oblita

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.29.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Brad :: BRAD-LAPTOP [administrator]

4/29/2013 9:04:18 PM
mbar-log-2013-04-29 (21-04-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 32211
Time elapsed: 13 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Unknown Rootkit MBR Infection) -> Delete on reboot.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_488396908_user.mbam (Forged physical sector) -> Delete on reboot.

(end)
lilhurricane

lilhurricane

Numquam oblita

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.29.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Brad :: BRAD-LAPTOP [administrator]

4/29/2013 9:26:54 PM
mbar-log-2013-04-29 (21-26-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 32202
Time elapsed: 14 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

1 recommendation

LoPhatPhuud to speedtennis

MVM

to speedtennis
When loading secure websites (») the address bar in Internet Explorer turns green. I am assuming this is what you are seeing.

Now, back to the logs...

MBAR was negative. I want to review a new OTL log. Please run OTL again, and post the new log in this thread. Note that there will not be a new Extras log.

speedtennis
@comcast.net

speedtennis

Anon

Regarding the green loading bar, I am not referring to Internet Explorer. It happens when I click Start > Computer. The bar on top of the window (that says "Computer") loads green from left to right at random times. Never seen this before.

Now I will run the OTC log.

You stated MBAR was negative, but I just want to make sure you saw both mbar logs: one of them removed 2 malware files, and the other was clean.

Thanks again! I will post the new OTL log soon.
speedtennis

Anon

OTL2.Txt
84,352 bytes
Here is the OTL log.

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone

lilhurricane to speedtennis

OTL logfile created on: 4/30/2013 1:25:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brad\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 74.10% Memory free
5.49 Gb Paging File | 4.43 Gb Available in Paging File | 80.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.07 Gb Total Space | 125.36 Gb Free Space | 57.22% Space Free | Partition Type: NTFS
Drive D: | 13.52 Gb Total Space | 2.24 Gb Free Space | 16.60% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.72 Mb Free Space | 96.51% Space Free | Partition Type: FAT32

Computer Name: BRAD-LAPTOP | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/04/28 19:29:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:64bit: - [2009/08/04 22:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/21 19:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 20:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 15:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2013/04/10 00:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/25 08:35:28 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/03/12 16:14:16 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/21 19:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 15:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/05 20:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 20:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/06 22:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/06/02 22:42:42 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/05/21 19:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/03/29 00:28:38 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/29 00:28:25 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2012/03/29 00:06:25 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/25 21:17:48 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\3CF1.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/04 23:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/21 19:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/04 23:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 19:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/09 08:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/10/18 07:04:53 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121017.019\ex64.sys -- (NAVEX15)
DRV - [2012/10/18 07:04:53 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121017.019\eng64.sys -- (NAVENG)
DRV - [2012/09/23 10:09:01 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121017.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/31 16:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120928.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{A2585EB8-99B8-40E8-9551-4540340726B3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{C8D9133C-1599-484B-9CAF-E34C5A85BCA2}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{A2585EB8-99B8-40E8-9551-4540340726B3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{C8D9133C-1599-484B-9CAF-E34C5A85BCA2}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ksl.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 8A AD 14 7B 90 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/CQNOT/1
IE - HKCU\..\SearchScopes,DefaultScope = {A2585EB8-99B8-40E8-9551-4540340726B3}
IE - HKCU\..\SearchScopes\{A2585EB8-99B8-40E8-9551-4540340726B3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{C8D9133C-1599-484B-9CAF-E34C5A85BCA2}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKCU\..\SearchScopes\{FB48B168-84BB-CCE3-D32D-94102F37C5B0}: "URL" = http://apl.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z079&partner_id=314&product_id=677&affiliate_id=&channel=6-08172011&toolbar_id=30&toolbar_version=5.0.0.0&install_country=US&install_date=20110818&user_guid=56354D9048EE468E88467FA249D4DF3C&machine_id=ef133a8d04e022c865027277449439a7&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Brad\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/30 22:08:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/12/13 20:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2012/12/13 20:22:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.34\coFFFw\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/28 21:06:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/08 12:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Extensions
[2013/04/28 21:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/10 00:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/04/10 00:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/04/10 00:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/04/26 22:54:21 | 000,000,845 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ECADC12-EEED-47DD-8D26-116B098DC062}: DhcpNameServer = 40.5.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB8AE3E4-7CEA-4FA2-BBD3-A6D11F7F86E3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/04/29 20:46:44 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\mbar
[2013/04/29 10:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2013/04/29 10:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013/04/29 09:57:49 | 086,581,736 | ---- | C] (Sophos Limited) -- C:\Users\Brad\Desktop\Sophos Virus Removal Tool.exe
[2013/04/28 21:10:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/04/28 21:06:44 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\Mozilla
[2013/04/28 21:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/04/28 21:06:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/04/28 21:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/28 19:29:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2013/04/28 16:44:03 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Brad\Desktop\TFC.exe
[2013/04/27 03:21:43 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\Malwarebytes
[2013/04/27 03:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/27 03:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/27 03:21:05 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/27 03:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/27 03:19:08 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Brad\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/27 02:50:00 | 020,327,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Brad\Desktop\Windows-KB890830-x64-V4.19.exe
[2013/04/27 02:47:10 | 019,622,496 | ---- | C] (Microsoft Corporation) -- C:\Users\Brad\Desktop\Windows-KB890830-V4.19.exe
[2013/04/27 01:54:51 | 070,490,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2013/04/11 03:02:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/11 03:02:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/11 03:01:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/11 03:01:58 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/11 03:01:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/11 03:01:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/11 03:01:58 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/11 03:01:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/11 03:01:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/11 03:01:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/11 03:01:57 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/11 03:01:57 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/11 03:01:55 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/11 03:01:55 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/11 03:01:55 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/10 16:17:48 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/04/10 16:17:48 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/04/10 16:17:48 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/04/10 16:17:48 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/04/10 16:17:48 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/04/10 16:17:47 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/04/10 16:17:39 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 16:17:38 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 16:17:38 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 16:17:37 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 16:17:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 16:17:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/04/30 13:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/30 13:13:56 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/30 13:13:56 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/30 13:10:52 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/30 13:10:52 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/30 13:10:52 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/30 13:06:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/30 13:06:24 | 2211,602,432 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/29 20:39:00 | 000,001,202 | ---- | M] () -- C:\Users\Brad\Desktop\mbar-1.05.0.1001.zip - Shortcut.lnk
[2013/04/29 10:13:53 | 001,376,832 | ---- | M] () -- C:\Users\Brad\Desktop\sar_15_sfx.exe
[2013/04/29 09:58:37 | 086,581,736 | ---- | M] (Sophos Limited) -- C:\Users\Brad\Desktop\Sophos Virus Removal Tool.exe
[2013/04/28 21:06:29 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/28 20:33:14 | 000,890,825 | ---- | M] () -- C:\Users\Brad\Desktop\SecurityCheck.exe
[2013/04/28 19:29:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2013/04/28 18:32:56 | 000,628,743 | ---- | M] () -- C:\Users\Brad\Desktop\adwcleaner.exe
[2013/04/28 16:44:03 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\TFC.exe
[2013/04/27 03:33:19 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrad.job
[2013/04/27 03:21:12 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/27 03:19:08 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Brad\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/27 02:50:25 | 020,327,024 | ---- | M] (Microsoft Corporation) -- C:\Users\Brad\Desktop\Windows-KB890830-x64-V4.19.exe
[2013/04/27 02:47:23 | 019,622,496 | ---- | M] (Microsoft Corporation) -- C:\Users\Brad\Desktop\Windows-KB890830-V4.19.exe
[2013/04/26 22:54:21 | 000,000,845 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/04/11 07:42:58 | 000,353,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/01 19:48:44 | 070,490,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/04/29 20:39:00 | 000,001,202 | ---- | C] () -- C:\Users\Brad\Desktop\mbar-1.05.0.1001.zip - Shortcut.lnk
[2013/04/29 10:13:53 | 001,376,832 | ---- | C] () -- C:\Users\Brad\Desktop\sar_15_sfx.exe
[2013/04/28 21:06:29 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/28 21:06:29 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/28 20:33:13 | 000,890,825 | ---- | C] () -- C:\Users\Brad\Desktop\SecurityCheck.exe
[2013/04/28 18:32:22 | 000,628,743 | ---- | C] () -- C:\Users\Brad\Desktop\adwcleaner.exe
[2013/04/27 03:21:12 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/11 09:45:28 | 000,000,140 | ---- | C] () -- C:\ProgramData\oxy_reg.dse
[2012/06/27 11:06:27 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2012/03/23 14:35:56 | 000,377,826 | ---- | C] () -- C:\Users\Brad\.DLMSave_back.xml
[2012/03/23 14:35:56 | 000,377,826 | ---- | C] () -- C:\Users\Brad\.DLMSave.xml
[2012/03/23 14:34:27 | 000,001,238 | ---- | C] () -- C:\Users\Brad\.Setting.ini
[2012/01/29 13:53:12 | 000,000,455 | ---- | C] () -- C:\Windows\Disney.ini
[2011/03/12 16:09:10 | 000,001,854 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\GhostObjGAFix.xml
[2011/02/02 00:28:02 | 000,001,950 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\wklnhst.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2013/04/27 00:28:18 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\.minecraft
[2011/06/17 16:02:59 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\2monkeys
[2011/06/11 18:52:59 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Archibald's Adventures
[2011/06/08 20:14:26 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\dingogames
[2012/04/10 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\DriverCure
[2013/03/26 09:42:54 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Dropbox
[2012/12/13 18:27:26 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\ID Vault
[2011/10/30 21:09:57 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Namco
[2013/01/05 19:25:34 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Origin
[2011/06/08 12:15:03 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\PlayFirst
[2012/04/10 16:16:43 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\SpeedyPC Software
[2012/12/27 15:00:01 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\SPORE
[2013/03/26 09:43:07 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Spotify
[2011/02/02 00:28:10 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Template
[2012/05/12 11:18:01 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\WildTangent

[color=#E56717]========== Purity Check ==========[/color]

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to speedtennis

Sorry for the confusion on the MBAR logs. I saw both and was referring to the last one that was clean.

One of the items that MBAR removed mentioned a forged physical sector. I want to be sure that is not affecting us.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop.
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.

  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  • Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If 'Suspicious' objects are detected, Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.


speedtennis
@comcast.net

speedtennis

Anon

I downloaded TDSSKiller.exe from your second link, because the first link opened a Kaspersky website where I could find nothing labeled TDSS.

I ran the scan and it found the following:

Hidden file
Service: Akamai
Suspicious Object, medium risk

However, there is no "cure" option to select; only three options: 1. skip 2. save to quarantine 3. delete

Which should I choose?

Thanks

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to speedtennis

Go ahead and select the 'Delete' option.

Be sure to post the log in this thread.

lpp

PS: For reference, here is the correct link to the TDSSKiller page. Links are in item 1 on that page.

»support.kaspersky.com/53 ··· el=88446

speedtennis
@comcast.net

speedtennis

Anon

TDSSKiller.2···_log.txt
270,222 bytes
TDSSKiller log (two scans)
Here is the TDSS log.

FYI, I had to run the scan again, because I accidentally selected "Skip" after the first scan.

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to speedtennis

20:23:01.0033 3900 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:23:01.0641 3900 ============================================================
20:23:01.0641 3900 Current date / time: 2013/04/30 20:23:01.0641
20:23:01.0641 3900 SystemInfo:
20:23:01.0641 3900
20:23:01.0641 3900 OS Version: 6.1.7601 ServicePack: 1.0
20:23:01.0641 3900 Product type: Workstation
20:23:01.0641 3900 ComputerName: BRAD-LAPTOP
20:23:01.0641 3900 UserName: Brad
20:23:01.0641 3900 Windows directory: C:\Windows
20:23:01.0641 3900 System windows directory: C:\Windows
20:23:01.0641 3900 Running under WOW64
20:23:01.0641 3900 Processor architecture: Intel x64
20:23:01.0641 3900 Number of processors: 2
20:23:01.0641 3900 Page size: 0x1000
20:23:01.0641 3900 Boot type: Normal boot
20:23:01.0641 3900 ============================================================
20:23:02.0749 3900 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:23:02.0749 3900 ============================================================
20:23:02.0749 3900 \Device\Harddisk0\DR0:
20:23:02.0749 3900 MBR partitions:
20:23:02.0749 3900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:23:02.0749 3900 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B621800
20:23:02.0749 3900 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1B685800, BlocksNum 0x1B0C000
20:23:02.0749 3900 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
20:23:02.0749 3900 ============================================================
20:23:02.0764 3900 C: \Device\Harddisk0\DR0\Partition2
20:23:02.0811 3900 D: \Device\Harddisk0\DR0\Partition3
20:23:02.0827 3900 E: \Device\Harddisk0\DR0\Partition4
20:23:02.0827 3900 ============================================================
20:23:02.0827 3900 Initialize success
20:23:02.0827 3900 ============================================================
20:23:48.0475 0364 ============================================================
20:23:48.0475 0364 Scan started
20:23:48.0475 0364 Mode: Manual;
20:23:48.0475 0364 ============================================================
20:23:49.0738 0364 ================ Scan system memory ========================
20:23:49.0738 0364 System memory - ok
20:23:49.0738 0364 ================ Scan services =============================
20:23:51.0017 0364 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll
20:23:51.0017 0364 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
20:23:51.0017 0364 Akamai ( HiddenFile.Multi.Generic ) - warning
20:23:51.0017 0364 Akamai - detected HiddenFile.Multi.Generic (1)
20:23:57.0866 0364 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121017.001\IDSvia64.sys
20:23:57.0881 0364 IDSVia64 - ok
20:23:58.0053 0364 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:23:58.0147 0364 igfx - ok
20:23:58.0178 0364 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:23:58.0178 0364 iirsp - ok
20:23:58.0240 0364 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:23:58.0256 0364 IKEEXT - ok
20:23:58.0287 0364 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:23:58.0287 0364 intelide - ok
20:23:58.0318 0364 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:23:58.0318 0364 intelppm - ok
20:23:58.0349 0364 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:23:58.0349 0364 IPBusEnum - ok
20:23:58.0381 0364 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:23:58.0381 0364 IpFilterDriver - ok
20:23:58.0412 0364 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:23:58.0427 0364 iphlpsvc - ok
20:23:58.0474 0364 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:23:58.0474 0364 IPMIDRV - ok
20:23:58.0505 0364 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:23:58.0505 0364 IPNAT - ok
20:23:58.0583 0364 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:23:58.0599 0364 iPod Service - ok
20:23:58.0630 0364 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:23:58.0630 0364 IRENUM - ok
20:23:58.0677 0364 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:23:58.0677 0364 isapnp - ok
20:23:58.0708 0364 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:23:58.0708 0364 iScsiPrt - ok
20:23:58.0739 0364 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
20:23:58.0739 0364 kbdclass - ok
20:23:58.0771 0364 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:23:58.0771 0364 kbdhid - ok
20:23:58.0802 0364 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:23:58.0802 0364 KeyIso - ok
20:23:58.0833 0364 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:23:58.0833 0364 KSecDD - ok
20:23:58.0880 0364 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:23:58.0880 0364 KSecPkg - ok
20:23:58.0911 0364 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:23:58.0911 0364 ksthunk - ok
20:23:58.0942 0364 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:23:58.0942 0364 KtmRm - ok
20:23:58.0989 0364 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:23:58.0989 0364 LanmanServer - ok
20:23:59.0036 0364 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:23:59.0036 0364 LanmanWorkstation - ok
20:23:59.0098 0364 [ 07B1888209C54B675FFCCBDE9F06D2C6 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:23:59.0098 0364 LightScribeService - ok
20:23:59.0114 0364 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:23:59.0114 0364 lltdio - ok
20:23:59.0145 0364 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:23:59.0145 0364 lltdsvc - ok
20:23:59.0161 0364 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:23:59.0161 0364 lmhosts - ok
20:23:59.0223 0364 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:23:59.0223 0364 LSI_FC - ok
20:23:59.0254 0364 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:23:59.0254 0364 LSI_SAS - ok
20:23:59.0270 0364 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:23:59.0270 0364 LSI_SAS2 - ok
20:23:59.0285 0364 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:23:59.0285 0364 LSI_SCSI - ok
20:23:59.0332 0364 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:23:59.0332 0364 luafv - ok
LoPhatPhuud to speedtennis

MVM
20:24:08.0380 0364 usbhub - ok
20:24:08.0443 0364 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:24:08.0443 0364 usbohci - ok
20:24:08.0489 0364 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:24:08.0489 0364 usbprint - ok
20:24:08.0536 0364 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:24:08.0536 0364 usbscan - ok
20:24:08.0567 0364 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:24:08.0567 0364 USBSTOR - ok
20:24:08.0599 0364 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:24:08.0599 0364 usbuhci - ok
20:24:08.0661 0364 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
20:24:08.0661 0364 usbvideo - ok
20:24:08.0708 0364 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:24:08.0708 0364 UxSms - ok
20:24:08.0708 0364 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:24:08.0723 0364 VaultSvc - ok
20:24:08.0755 0364 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:24:08.0755 0364 vdrvroot - ok
20:24:08.0801 0364 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:24:08.0817 0364 vds - ok
20:24:08.0833 0364 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:24:08.0833 0364 vga - ok
20:24:08.0864 0364 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:24:08.0864 0364 VgaSave - ok
20:24:08.0879 0364 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:24:08.0895 0364 vhdmp - ok
20:24:08.0926 0364 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:24:08.0926 0364 viaide - ok
20:24:08.0942 0364 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:24:08.0942 0364 volmgr - ok
20:24:08.0989 0364 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:24:09.0004 0364 volmgrx - ok
20:24:09.0020 0364 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:24:09.0020 0364 volsnap - ok
20:24:09.0067 0364 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:24:09.0067 0364 vsmraid - ok
20:24:09.0145 0364 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:24:09.0176 0364 VSS - ok
20:24:09.0191 0364 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:24:09.0191 0364 vwifibus - ok
20:24:09.0223 0364 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:24:09.0223 0364 vwififlt - ok
20:24:09.0269 0364 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
20:24:09.0269 0364 vwifimp - ok
20:24:09.0301 0364 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:24:09.0316 0364 W32Time - ok
20:24:09.0347 0364 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:24:09.0347 0364 WacomPen - ok
20:24:09.0410 0364 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:24:09.0410 0364 WANARP - ok
20:24:09.0410 0364 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:24:09.0410 0364 Wanarpv6 - ok
20:24:09.0488 0364 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:24:09.0503 0364 WatAdminSvc - ok
20:24:09.0581 0364 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:24:09.0597 0364 wbengine - ok
20:24:09.0628 0364 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:24:09.0628 0364 WbioSrvc - ok
20:24:09.0675 0364 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:24:09.0691 0364 wcncsvc - ok
20:24:09.0706 0364 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:24:09.0706 0364 WcsPlugInService - ok
20:24:09.0737 0364 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:24:09.0737 0364 Wd - ok
20:24:09.0769 0364 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:24:09.0784 0364 Wdf01000 - ok
20:24:09.0800 0364 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:24:09.0800 0364 WdiServiceHost - ok
20:24:09.0800 0364 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:24:09.0800 0364 WdiSystemHost - ok
20:24:09.0847 0364 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:24:09.0847 0364 WebClient - ok
20:24:09.0862 0364 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:24:09.0862 0364 Wecsvc - ok
20:24:09.0893 0364 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:24:09.0893 0364 wercplsupport - ok
20:24:09.0925 0364 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:24:09.0925 0364 WerSvc - ok
20:24:09.0987 0364 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:24:09.0987 0364 WfpLwf - ok
20:24:10.0018 0364 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:24:10.0018 0364 WIMMount - ok
20:24:10.0034 0364 WinDefend - ok
20:24:10.0049 0364 WinHttpAutoProxySvc - ok
20:24:10.0096 0364 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:24:10.0112 0364 Winmgmt - ok
20:24:10.0190 0364 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:24:10.0221 0364 WinRM - ok
20:24:10.0299 0364 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:24:10.0299 0364 WinUsb - ok
20:24:10.0346 0364 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:24:10.0361 0364 Wlansvc - ok
20:24:10.0377 0364 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:24:10.0377 0364 WmiAcpi - ok
20:24:10.0408 0364 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:24:10.0408 0364 wmiApSrv - ok
20:24:10.0455 0364 WMPNetworkSvc - ok
20:24:10.0471 0364 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:24:10.0471 0364 WPCSvc - ok
20:24:10.0502 0364 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:24:10.0517 0364 WPDBusEnum - ok
20:24:10.0549 0364 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:24:10.0549 0364 ws2ifsl - ok
20:24:10.0564 0364 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
20:24:10.0580 0364 wscsvc - ok
20:24:10.0580 0364 WSearch - ok
20:24:10.0689 0364 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:24:10.0720 0364 wuauserv - ok
20:24:10.0767 0364 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:24:10.0767 0364 WudfPf - ok
20:24:10.0798 0364 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:24:10.0814 0364 WUDFRd - ok
20:24:10.0829 0364 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:24:10.0845 0364 wudfsvc - ok
20:24:10.0876 0364 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:24:10.0876 0364 WwanSvc - ok
20:24:10.0939 0364 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
20:24:10.0954 0364 yukonw7 - ok
LoPhatPhuud
MVM
to speedtennis

20:24:10.0985 0364 ================ Scan global ===============================
20:24:11.0017 0364 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:24:11.0063 0364 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:24:11.0079 0364 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:24:11.0110 0364 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:24:11.0126 0364 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:24:11.0126 0364 [Global] - ok
20:24:11.0126 0364 ================ Scan MBR ==================================
20:24:11.0141 0364 [ D9C369DDA37A0CC44A095EF41713790A ] \Device\Harddisk0\DR0
20:24:11.0422 0364 \Device\Harddisk0\DR0 - ok
20:24:11.0422 0364 ================ Scan VBR ==================================
20:24:11.0422 0364 [ FD5CA236198950CE02F626C1E98FEAF1 ] \Device\Harddisk0\DR0\Partition1
20:24:11.0422 0364 \Device\Harddisk0\DR0\Partition1 - ok
20:24:11.0438 0364 [ 4D649CAD17182D4089A68ABA2A801DF4 ] \Device\Harddisk0\DR0\Partition2
20:24:11.0438 0364 \Device\Harddisk0\DR0\Partition2 - ok
20:24:11.0469 0364 [ 5DBA71C2637E1D57C497B8228631FCE4 ] \Device\Harddisk0\DR0\Partition3
20:24:11.0469 0364 \Device\Harddisk0\DR0\Partition3 - ok
20:24:11.0485 0364 [ 5CE24594F658978876A7D22727C3A726 ] \Device\Harddisk0\DR0\Partition4
20:24:11.0485 0364 \Device\Harddisk0\DR0\Partition4 - ok
20:24:11.0485 0364 ============================================================
20:24:11.0485 0364 Scan finished
20:24:11.0485 0364 ============================================================
20:24:11.0500 3972 Detected object count: 1
20:24:11.0500 3972 Actual detected object count: 1
20:39:59.0529 3972 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:39:59.0529 3972 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
09:02:12.0470 1524 ============================================================
09:02:12.0470 1524 Scan started
09:02:12.0470 1524 Mode: Manual;
09:02:12.0470 1524 ============================================================
09:02:14.0030 1524 ================ Scan system memory ========================
09:02:14.0030 1524 System memory - ok
09:02:14.0030 1524 ================ Scan services =============================
09:02:14.0873 1524 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll
09:02:14.0873 1524 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
09:02:14.0888 1524 Akamai ( HiddenFile.Multi.Generic ) - warning
09:02:14.0888 1524 Akamai - detected HiddenFile.Multi.Generic (1)
09:02:20.0521 1524 KSecDD - ok
09:02:20.0568 1524 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:02:20.0568 1524 KSecPkg - ok
09:02:20.0583 1524 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:02:20.0583 1524 ksthunk - ok
09:02:20.0615 1524 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:02:20.0630 1524 KtmRm - ok
09:02:20.0661 1524 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:02:20.0661 1524 LanmanServer - ok
09:02:20.0724 1524 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:02:20.0724 1524 LanmanWorkstation - ok
09:02:20.0755 1524 [ 07B1888209C54B675FFCCBDE9F06D2C6 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
09:02:20.0755 1524 LightScribeService - ok
09:02:20.0755 1524 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:02:20.0771 1524 lltdio - ok
09:02:20.0786 1524 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:02:20.0786 1524 lltdsvc - ok
09:02:20.0802 1524 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:02:20.0802 1524 lmhosts - ok
09:02:20.0833 1524 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:02:20.0833 1524 LSI_FC - ok
09:02:20.0864 1524 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:02:20.0864 1524 LSI_SAS - ok
09:02:20.0880 1524 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:02:20.0880 1524 LSI_SAS2 - ok
09:02:20.0895 1524 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:02:20.0911 1524 LSI_SCSI - ok
09:02:20.0927 1524 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:02:20.0927 1524 luafv - ok
09:02:20.0973 1524 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:02:20.0973 1524 MBAMProtector - ok
09:02:21.0005 1524 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:02:21.0020 1524 MBAMScheduler - ok
09:02:21.0036 1524 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:02:21.0036 1524 MBAMService - ok
09:02:21.0067 1524 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:02:21.0083 1524 Mcx2Svc - ok
09:02:21.0098 1524 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:02:21.0098 1524 megasas - ok
09:02:21.0145 1524 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:02:21.0145 1524 MegaSR - ok
09:02:21.0317 1524 [ D70476AD02D6FD75282B196D3B58831D ] MEMSWEEP2 C:\Windows\system32\3CF1.tmp
09:02:21.0332 1524 MEMSWEEP2 - ok
09:02:21.0379 1524 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:02:21.0379 1524 MMCSS - ok
09:02:21.0395 1524 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:02:21.0395 1524 Modem - ok
09:02:21.0410 1524 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:02:21.0410 1524 monitor - ok
09:02:21.0426 1524 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:02:21.0426 1524 mouclass - ok
09:02:21.0441 1524 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:02:21.0441 1524 mouhid - ok
09:02:21.0488 1524 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:02:21.0488 1524 mountmgr - ok
09:02:21.0535 1524 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:02:21.0535 1524 MozillaMaintenance - ok
09:02:21.0566 1524 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:02:21.0566 1524 mpio - ok
09:02:21.0597 1524 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:02:21.0597 1524 mpsdrv - ok
09:02:21.0644 1524 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:02:21.0660 1524 MpsSvc - ok
09:02:21.0691 1524 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:02:21.0691 1524 MRxDAV - ok
09:02:21.0738 1524 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:02:21.0738 1524 mrxsmb - ok
09:02:21.0785 1524 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:02:21.0785 1524 mrxsmb10 - ok
09:02:21.0800 1524 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:02:21.0800 1524 mrxsmb20 - ok
09:02:21.0847 1524 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
09:02:21.0847 1524 msahci - ok
09:02:21.0863 1524 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:02:21.0863 1524 msdsm - ok
09:02:21.0878 1524 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
09:02:21.0878 1524 MSDTC - ok
09:02:21.0909 1524 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:02:21.0909 1524 Msfs - ok
09:02:21.0909 1524 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:02:21.0909 1524 mshidkmdf - ok
09:02:21.0925 1524 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:02:21.0925 1524 msisadrv - ok
09:02:21.0956 1524 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:02:21.0956 1524 MSiSCSI - ok
09:02:21.0972 1524 msiserver - ok
09:02:21.0987 1524 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:02:21.0987 1524 MSKSSRV - ok
09:02:22.0003 1524 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:02:22.0003 1524 MSPCLOCK - ok
09:02:22.0019 1524 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:02:22.0019 1524 MSPQM - ok
09:02:22.0050 1524 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:02:22.0065 1524 MsRPC - ok
09:02:22.0065 1524 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:02:22.0065 1524 mssmbios - ok
09:02:22.0081 1524 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:02:22.0081 1524 MSTEE - ok
09:02:22.0112 1524 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:02:22.0112 1524 MTConfig - ok
09:02:22.0128 1524 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
09:02:22.0128 1524 Mup - ok
09:02:22.0206 1524 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
09:02:22.0206 1524 N360 - ok
09:02:22.0253 1524 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
09:02:22.0268 1524 napagent - ok
09:02:22.0299 1524 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:02:22.0299 1524 NativeWifiP - ok
09:02:22.0346 1524 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121017.019\ENG64.SYS
09:02:22.0346 1524 NAVENG - ok
09:02:22.0409 1524 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121017.019\EX64.SYS
09:02:22.0440 1524 NAVEX15 - ok
09:02:22.0487 1524 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:02:22.0502 1524 NDIS - ok
09:02:22.0533 1524 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:02:22.0533 1524 NdisCap - ok
09:02:22.0565 1524 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:02:22.0565 1524 NdisTapi - ok
09:02:22.0596 1524 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:02:22.0596 1524 Ndisuio - ok
09:02:22.0643 1524 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:02:22.0643 1524 NdisWan - ok
09:02:22.0674 1524 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:02:22.0674 1524 NDProxy - ok
09:02:22.0689 1524 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:02:22.0689 1524 NetBIOS - ok
09:02:22.0736 1524 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:02:22.0736 1524 NetBT - ok
09:02:22.0752 1524 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
09:02:22.0752 1524 Netlogon - ok
09:02:22.0799 1524 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
09:02:22.0799 1524 Netman - ok
09:02:22.0814 1524 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
09:02:22.0830 1524 netprofm - ok
09:02:22.0845 1524 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:02:22.0845 1524 NetTcpPortSharing - ok
09:02:22.0955 1524 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
09:02:23.0017 1524 netw5v64 - ok
09:02:23.0048 1524 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:02:23.0048 1524 nfrd960 - ok
09:02:23.0064 1524 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:02:23.0064 1524 NlaSvc - ok
09:02:23.0095 1524 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:02:23.0095 1524 Npfs - ok
09:02:23.0111 1524 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:02:23.0111 1524 nsi - ok
09:02:23.0126 1524 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:02:23.0126 1524 nsiproxy - ok
09:02:23.0204 1524 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:02:23.0220 1524 Ntfs - ok
09:02:23.0235 1524 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:02:23.0235 1524 Null - ok
09:02:23.0251 1524 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:02:23.0251 1524 nvraid - ok
09:02:23.0298 1524 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:02:23.0298 1524 nvstor - ok
09:02:23.0329 1524 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:02:23.0329 1524 nv_agp - ok
LoPhatPhuud to speedtennis

MVM
09:02:28.0898 1524 vwififlt - ok
09:02:28.0945 1524 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
09:02:28.0945 1524 vwifimp - ok
09:02:28.0961 1524 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
09:02:28.0976 1524 W32Time - ok
09:02:28.0992 1524 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:02:28.0992 1524 WacomPen - ok
09:02:29.0039 1524 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:02:29.0054 1524 WANARP - ok
09:02:29.0054 1524 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:02:29.0054 1524 Wanarpv6 - ok
09:02:29.0101 1524 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:02:29.0117 1524 WatAdminSvc - ok
09:02:29.0179 1524 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
09:02:29.0195 1524 wbengine - ok
09:02:29.0226 1524 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:02:29.0226 1524 WbioSrvc - ok
09:02:29.0273 1524 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:02:29.0273 1524 wcncsvc - ok
09:02:29.0288 1524 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:02:29.0288 1524 WcsPlugInService - ok
09:02:29.0319 1524 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:02:29.0319 1524 Wd - ok
09:02:29.0351 1524 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:02:29.0366 1524 Wdf01000 - ok
09:02:29.0382 1524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:02:29.0382 1524 WdiServiceHost - ok
09:02:29.0382 1524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:02:29.0382 1524 WdiSystemHost - ok
09:02:29.0429 1524 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
09:02:29.0429 1524 WebClient - ok
09:02:29.0475 1524 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:02:29.0475 1524 Wecsvc - ok
09:02:29.0491 1524 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:02:29.0507 1524 wercplsupport - ok
09:02:29.0538 1524 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
09:02:29.0553 1524 WerSvc - ok
09:02:29.0600 1524 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:02:29.0600 1524 WfpLwf - ok
09:02:29.0631 1524 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:02:29.0631 1524 WIMMount - ok
09:02:29.0647 1524 WinDefend - ok
09:02:29.0647 1524 WinHttpAutoProxySvc - ok
09:02:29.0694 1524 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:02:29.0694 1524 Winmgmt - ok
09:02:29.0756 1524 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
09:02:29.0787 1524 WinRM - ok
09:02:29.0819 1524 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:02:29.0819 1524 WinUsb - ok
09:02:29.0850 1524 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
09:02:29.0865 1524 Wlansvc - ok
09:02:29.0881 1524 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:02:29.0881 1524 WmiAcpi - ok
09:02:29.0912 1524 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:02:29.0912 1524 wmiApSrv - ok
09:02:29.0928 1524 WMPNetworkSvc - ok
09:02:29.0943 1524 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:02:29.0943 1524 WPCSvc - ok
09:02:29.0975 1524 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:02:29.0990 1524 WPDBusEnum - ok
09:02:30.0006 1524 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:02:30.0006 1524 ws2ifsl - ok
09:02:30.0021 1524 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
09:02:30.0021 1524 wscsvc - ok
09:02:30.0037 1524 WSearch - ok
09:02:30.0115 1524 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
09:02:30.0131 1524 wuauserv - ok
09:02:30.0177 1524 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:02:30.0177 1524 WudfPf - ok
09:02:30.0193 1524 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:02:30.0193 1524 WUDFRd - ok
09:02:30.0209 1524 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:02:30.0224 1524 wudfsvc - ok
09:02:30.0240 1524 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
09:02:30.0255 1524 WwanSvc - ok
09:02:30.0287 1524 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
09:02:30.0287 1524 yukonw7 - ok
09:02:30.0302 1524 ================ Scan global ===============================
09:02:30.0333 1524 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:02:30.0380 1524 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
09:02:30.0380 1524 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
09:02:30.0411 1524 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:02:30.0427 1524 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:02:30.0443 1524 [Global] - ok
09:02:30.0443 1524 ================ Scan MBR ==================================
09:02:30.0443 1524 [ D9C369DDA37A0CC44A095EF41713790A ] \Device\Harddisk0\DR0
09:02:30.0692 1524 \Device\Harddisk0\DR0 - ok
09:02:30.0692 1524 ================ Scan VBR ==================================
09:02:30.0692 1524 [ FD5CA236198950CE02F626C1E98FEAF1 ] \Device\Harddisk0\DR0\Partition1
09:02:30.0692 1524 \Device\Harddisk0\DR0\Partition1 - ok
09:02:30.0708 1524 [ 4D649CAD17182D4089A68ABA2A801DF4 ] \Device\Harddisk0\DR0\Partition2
09:02:30.0708 1524 \Device\Harddisk0\DR0\Partition2 - ok
09:02:30.0739 1524 [ 5DBA71C2637E1D57C497B8228631FCE4 ] \Device\Harddisk0\DR0\Partition3
09:02:30.0739 1524 \Device\Harddisk0\DR0\Partition3 - ok
09:02:30.0755 1524 [ 5CE24594F658978876A7D22727C3A726 ] \Device\Harddisk0\DR0\Partition4
09:02:30.0755 1524 \Device\Harddisk0\DR0\Partition4 - ok
09:02:30.0755 1524 ============================================================
09:02:30.0755 1524 Scan finished
09:02:30.0755 1524 ============================================================
09:02:30.0770 2576 Detected object count: 1
09:02:30.0770 2576 Actual detected object count: 1
09:02:45.0481 2576 c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll - copied to quarantine
09:02:45.0481 2576 HKLM\SYSTEM\ControlSet001\services\Akamai - will be deleted on reboot
09:02:45.0543 2576 HKLM\SYSTEM\ControlSet002\services\Akamai - will be deleted on reboot
09:02:45.0715 2576 c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll - will be deleted on reboot
09:02:45.0715 2576 Akamai ( HiddenFile.Multi.Generic ) - User select action: Delete
09:03:28.0568 3828 Deinitialize success
LoPhatPhuud
MVM
to speedtennis

Thanks. The TDSS log contained both the prior and today's scan.

One item set for deletion on boot. If you have not already rebooted, please do so.

Then post back here and give me a status update on the issues outstanding.