Trojan.Zeroaccess!inf4 services.exe


DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33

Run by Paul at 22:48:30 on 2012-08-15

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16359.12643 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\xampplite\apache\bin\httpd.exe

C:\Windows\SysWOW64\astsrv.exe

C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\IProsetMonitor.exe

C:\xampplite\mysql\bin\mysqld.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\xampplite\apache\bin\httpd.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\DAP\DAP.exe

C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x64\LCDClock.exe

C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe

C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe

C:\Windows\splwow64.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe

C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\WSCStub.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: SpeedBit Link Verification Helper: {d5974a72-c81c-4dc3-be77-a8a7bbc8864e} - C:\Program Files (x86)\DAP\LinkVerifier.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - C:\PROGRA~2\DAP\DAPIEL~1.DLL

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

TB: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [AdobeBridge]

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [Google Update] "C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [<NO NAME>]

mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm

IE: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: mswsock.dll

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.110.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc1.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab

TCP: DhcpNameServer = 167.206.245.130 167.206.245.129 192.168.1.1

TCP: Interfaces\{B26C576A-D881-4D8A-AC8E-2703FCD88FB2} : DhcpNameServer = 167.206.245.130 167.206.245.129 192.168.1.1

TCP: Interfaces\{BF05859A-DABA-4E59-9D48-26D5FBB523BF} : DhcpNameServer = 167.206.245.130 167.206.245.129 192.168.1.1

TCP: Interfaces\{EFE6A8F2-EB41-49D6-B4E8-F00818B2B110} : DhcpNameServer = 167.206.245.129 167.206.245.130

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll

BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: SpeedBit Link Verification Helper: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll

BHO-X64: LinkVerifierBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

BHO-X64: Download Accelerator Plus Integration: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\DAP\DAPIEL~1.DLL

BHO-X64: Download Accelerator Plus Integration - No File

TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

TB-X64: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [(Default)]

mRun-x64: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRun-x64: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\s2kpkygc.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.speedbit.com/searchresults.asp?src=default&q=

FF - prefs.js: browser.search.selectedEngine - SpeedBit Search

FF - prefs.js: browser.startup.homepage - hxxp://search.speedbit.com

FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=

FF - component: C:\Program Files (x86)\DAP\DAPFireFox\components\DAPFireFox.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\BASHDefs\20120803.001\BHDrvx64.sys [2012-8-15 1161376]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\IPSDefs\20120815.002\IDSviA64.sys [2012-8-15 509088]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMNETS.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMNETS.SYS [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 Apache2.2;Apache2.2;C:\xampplite\apache\bin\httpd.exe [2011-1-29 24640]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-29 13336]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-15 655944]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-8-15 138272]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-24 1262400]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-15 138912]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 rzdaendpt;%rzdaendpt.SvcDesc%;C:\Windows\system32\DRIVERS\rzdaendpt.sys --> C:\Windows\system32\DRIVERS\rzdaendpt.sys [?]

R3 rzudd;Razer Mouse Driver;C:\Windows\system32\DRIVERS\rzudd.sys --> C:\Windows\system32\DRIVERS\rzudd.sys [?]

R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\rzvkeyboard.sys --> C:\Windows\system32\DRIVERS\rzvkeyboard.sys [?]

R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]

S3 ALESIS_USB2;Alesis USB2 audio driver;C:\Windows\system32\Drivers\alesis2u.sys --> C:\Windows\system32\Drivers\alesis2u.sys [?]

S3 ALESIS_USB2_A;Alesis USB2 WDM;C:\Windows\system32\drivers\alesis2a.sys --> C:\Windows\system32\drivers\alesis2a.sys [?]

S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]

S3 copperhd;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys --> C:\Windows\system32\drivers\copperhd.sys [?]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-12 79360]

S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]

S4 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-7-26 794560]

S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-17 1038088]

S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-2-20 8704]

S4 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-19 113120]

S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-08-15 23:34:21 -------- d-----w- C:\Users\Paul\AppData\Roaming\Malwarebytes

2012-08-15 23:34:12 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-15 23:34:12 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-15 23:34:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-15 23:11:45 -------- d-----w- C:\Users\Paul\AppData\Roaming\PC Cleaners

2012-08-15 23:11:40 4270392 ----a-w- C:\Windows\uninst.exe

2012-08-15 23:11:38 -------- d-----w- C:\Users\Paul\AppData\Roaming\PCPro

2012-08-15 23:11:38 -------- d-----w- C:\ProgramData\PC1Data

2012-08-15 23:06:37 -------- d-----w- C:\Program Files\Enigma Software Group

2012-08-15 23:05:25 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP

2012-08-15 17:46:00 -------- d-----w- C:\NBRT

2012-08-15 13:33:15 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-08-15 13:33:03 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64\0500000.05A

2012-08-15 13:33:03 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64

2012-08-15 13:33:01 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard

2012-08-15 05:45:45 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys

2012-08-15 05:34:53 -------- d-----w- C:\Users\Paul\AppData\Local\NPE

2012-08-15 05:31:41 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2012-08-15 05:30:52 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-08-15 05:30:52 -------- d-----w- C:\Program Files\Symantec

2012-08-15 05:30:43 737952 ----a-r- C:\Windows\System32\drivers\NISx64\1308000.00E\srtsp64.sys

2012-08-15 05:30:43 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1308000.00E\SymDS64.sys

2012-08-15 05:30:43 405624 ----a-r- C:\Windows\System32\drivers\NISx64\1308000.00E\symnets.sys

2012-08-15 05:30:43 37536 ----a-r- C:\Windows\System32\drivers\NISx64\1308000.00E\srtspx64.sys

2012-08-15 05:30:43 190072 ----a-r- C:\Windows\System32\drivers\NISx64\1308000.00E\Ironx64.sys

2012-08-15 05:30:43 167072 ----a-r- C:\Windows\System32\drivers\NISx64\1308000.00E\ccSetx64.sys

2012-08-15 05:30:43 1129120 ----a-r- C:\Windows\System32\drivers\NISx64\1308000.00E\SymEFA64.sys

2012-08-15 05:30:40 -------- d-----w- C:\Windows\System32\drivers\NISx64\1308000.00E

2012-08-15 05:30:40 -------- d-----w- C:\Windows\System32\drivers\NISx64

2012-08-15 05:30:39 -------- d-----w- C:\Program Files (x86)\Norton Internet Security

2012-08-15 05:27:54 -------- d-----w- C:\Program Files (x86)\NortonInstaller

2012-08-15 04:40:22 -------- d-----w- C:\Windows\System32\drivers\N360x64\0308000.029

2012-08-15 04:34:16 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2012-08-15 04:33:55 -------- d-----w- C:\Windows\System32\drivers\N360x64

2012-08-15 01:32:21 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-08-15 01:19:18 -------- d-----w- C:\Users\Paul\AppData\Local\Razer

2012-08-14 20:57:01 -------- d-----w- C:\Program Files\WinPcap

2012-08-14 20:56:21 -------- d-----w- C:\Program Files (x86)\Spiceworks

2012-08-13 20:41:26 -------- d-----w- C:\UT2004

2012-08-12 17:58:40 -------- d-----w- C:\Users\Paul\AppData\Local\Demiurge Studios

2012-08-11 21:48:45 -------- d-----w- C:\ProgramData\NexonUS

2012-08-11 21:48:28 -------- d-----w- C:\ProgramData\Nexon

2012-08-11 03:23:23 -------- d-----w- C:\Users\Paul\AppData\Local\SplitMediaLabs

2012-08-11 03:22:54 -------- d-----w- C:\ProgramData\SplitMediaLabs

2012-08-11 03:22:54 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs

2012-08-11 03:22:19 -------- d-----w- C:\Users\Paul\AppData\Roaming\SplitMediaLabs

2012-08-10 14:08:27 -------- d-----w- C:\Program Files (x86)\WDP

2012-08-04 03:23:55 -------- d-----r- C:\Program Files (x86)\Skype

2012-07-31 16:06:55 -------- d-----w- C:\Program Files (x86)\YTD Toolbar

2012-07-31 16:06:55 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot

2012-07-31 16:06:55 -------- d-----w- C:\Program Files (x86)\Application Updater

2012-07-29 23:57:05 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-07-24 11:38:10 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-07-24 04:42:52 -------- d-----w- C:\ProgramData\Rockstar Games

2012-07-24 04:42:37 -------- d-----w- C:\Program Files (x86)\Rockstar Games

2012-07-19 02:42:10 480256 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll

.

==================== Find3M ====================

.

2012-08-16 02:33:40 328704 ----a-w- C:\Windows\System32\services.exe

2012-08-14 15:11:40 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-14 15:11:40 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-29 23:56:59 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-07-16 02:38:20 26112 ----a-w- C:\Windows\System32\drivers\rzdaendpt.sys

2012-07-16 02:38:18 7168 ----a-w- C:\Windows\System32\drivers\rzkbdhid.sys

2012-07-16 02:38:18 22528 ----a-w- C:\Windows\System32\drivers\rzvkeyboard.sys

2012-07-16 02:38:14 101376 ----a-w- C:\Windows\System32\drivers\rzudd.sys

2012-07-16 02:32:52 143360 ----a-w- C:\Windows\SysWow64\rztouchdll.dll

2012-07-16 02:32:48 165888 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

.

============= FINISH: 22:48:51.45 ===============

Attach.zip

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Thanks for the quick reply.

==========

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.15.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Paul :: OFFICEPC [administrator]

Protection: Enabled

8/15/2012 7:34:44 PM

mbam-log-2012-08-15 (19-34-44).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 242158

Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{211f9ea7-01dc-c8ef-6820-40cb023b9523}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

=================

ComboFix 12-08-16.01 - Paul 08/16/2012 8:14.1.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16359.13013 [GMT -4:00]

Running from: c:\users\Paul\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Search Toolbar

c:\program files (x86)\Search Toolbar\icon.ico

c:\program files (x86)\Search Toolbar\SearchToolbar.dll

c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe

c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe

c:\users\Paul\AppData\Local\assembly\tmp

c:\users\Paul\AppData\Local\Temp\{09013DBD-0E60-478C-8F96-EDD91762BCFA}\fpb.tmp

c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\s2kpkygc.default\searchplugins\bing-zugo.xml

c:\users\Paul\AppData\Roaming\vso_ts_preview.xml

c:\users\Paul\GoToAssistDownloadHelper.exe

c:\users\Sandy\AppData\Local\assembly\tmp

c:\users\Sandy\Documents\~WRL1939.tmp

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\SET2784.tmp

c:\windows\SysWow64\SET2B7D.tmp

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

c:\windows\SysWow64\wpcap.dll

c:\windows\UA000104.DLL

f:\documents\~WRL0003.tmp

F:\install.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_npf

.

.

((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))

.

.

2012-08-16 12:21 . 2012-08-16 12:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-08-16 12:21 . 2012-08-16 12:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-16 03:19 . 2012-08-16 03:19 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-15 23:34 . 2012-08-15 23:34 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes

2012-08-15 23:34 . 2012-08-15 23:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-15 23:34 . 2012-08-15 23:34 -------- d-----w- c:\programdata\Malwarebytes

2012-08-15 23:34 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-15 23:11 . 2012-08-15 23:11 -------- d-----w- c:\users\Paul\AppData\Roaming\PC Cleaners

2012-08-15 23:11 . 2012-08-15 23:11 4270392 ----a-w- c:\windows\uninst.exe

2012-08-15 23:11 . 2012-08-15 23:11 -------- d-----w- c:\users\Paul\AppData\Roaming\PCPro

2012-08-15 23:11 . 2012-08-15 23:11 -------- d-----w- c:\programdata\PC1Data

2012-08-15 23:06 . 2012-08-15 23:06 -------- d-----w- c:\program files\Enigma Software Group

2012-08-15 23:05 . 2012-08-15 23:15 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP

2012-08-15 17:46 . 2012-08-16 02:33 -------- d-----w- C:\NBRT

2012-08-15 13:33 . 2009-05-18 07:47 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-15 13:33 . 2012-08-15 13:33 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64

2012-08-15 13:33 . 2012-08-15 13:33 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard

2012-08-15 05:45 . 2012-08-15 23:02 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys

2012-08-15 05:34 . 2012-08-15 13:23 -------- d-----w- c:\users\Paul\AppData\Local\NPE

2012-08-15 05:31 . 2012-08-15 05:31 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2012-08-15 05:30 . 2012-08-15 05:30 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-08-15 05:30 . 2012-08-15 05:30 -------- d-----w- c:\program files\Symantec

2012-08-15 05:30 . 2012-08-15 05:30 -------- d-----w- c:\windows\system32\drivers\NISx64

2012-08-15 05:30 . 2012-08-15 05:30 -------- d-----w- c:\program files (x86)\Norton Internet Security

2012-08-15 05:27 . 2012-08-15 13:32 -------- d-----w- c:\program files (x86)\NortonInstaller

2012-08-15 04:34 . 2012-08-15 05:30 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-08-15 04:33 . 2012-08-15 09:05 -------- d-----w- c:\windows\system32\drivers\N360x64

2012-08-15 01:32 . 2012-08-15 01:32 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-08-15 01:19 . 2012-08-15 01:19 -------- d-----w- c:\users\Paul\AppData\Local\Razer

2012-08-15 01:19 . 2012-08-15 01:19 -------- d-----w- c:\programdata\Razer

2012-08-14 20:57 . 2012-08-14 20:57 -------- d-----w- c:\program files\WinPcap

2012-08-14 20:56 . 2012-08-14 20:59 -------- d-----w- c:\program files (x86)\Spiceworks

2012-08-13 20:41 . 2012-08-14 01:44 -------- d-----w- C:\UT2004

2012-08-12 17:58 . 2012-08-12 17:58 -------- d-----w- c:\users\Paul\AppData\Local\Demiurge Studios

2012-08-11 21:48 . 2012-08-11 21:48 -------- d-----w- c:\programdata\Nexon

2012-08-11 03:23 . 2012-08-11 03:23 -------- d-----w- c:\users\Paul\AppData\Local\SplitMediaLabs

2012-08-11 03:22 . 2012-08-11 03:22 -------- d-----w- c:\programdata\SplitMediaLabs

2012-08-11 03:22 . 2012-08-11 03:22 -------- d-----w- c:\program files (x86)\SplitMediaLabs

2012-08-11 03:22 . 2012-08-11 03:22 -------- d-----w- c:\users\Paul\AppData\Roaming\SplitMediaLabs

2012-08-10 14:08 . 2012-08-10 14:08 -------- d-----w- c:\program files (x86)\WDP

2012-08-04 03:23 . 2012-08-15 23:36 -------- d-----w- c:\users\Paul\AppData\Roaming\Skype

2012-08-04 03:23 . 2012-08-04 03:24 -------- d-----r- c:\program files (x86)\Skype

2012-08-04 03:23 . 2012-08-04 03:23 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-08-04 03:23 . 2012-08-04 03:24 -------- d-----w- c:\programdata\Skype

2012-07-31 16:06 . 2012-07-31 16:06 -------- d-----w- c:\program files (x86)\YTD Toolbar

2012-07-31 16:06 . 2012-07-31 16:06 -------- d-----w- c:\program files (x86)\Common Files\Spigot

2012-07-31 16:06 . 2012-07-31 16:06 -------- d-----w- c:\program files (x86)\Application Updater

2012-07-29 23:57 . 2012-07-29 23:56 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-07-29 23:56 . 2012-07-29 23:56 -------- d-----w- c:\program files (x86)\Java

2012-07-24 11:38 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin

2012-07-24 04:42 . 2012-07-24 04:42 -------- d-----w- c:\programdata\Rockstar Games

2012-07-24 04:42 . 2012-07-24 04:42 -------- d-----w- c:\program files (x86)\Rockstar Games

2012-07-19 02:42 . 2012-07-19 02:42 480256 ----a-w- c:\windows\SysWow64\rzdevicedll.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-16 03:23 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe

2012-08-14 15:11 . 2012-04-07 00:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-14 15:11 . 2011-10-28 04:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-29 23:56 . 2011-03-05 17:36 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-07-16 02:38 . 2012-07-16 02:38 26112 ----a-w- c:\windows\system32\drivers\rzdaendpt.sys

2012-07-16 02:38 . 2012-07-16 02:38 7168 ----a-w- c:\windows\system32\drivers\rzkbdhid.sys

2012-07-16 02:38 . 2012-07-16 02:38 22528 ----a-w- c:\windows\system32\drivers\rzvkeyboard.sys

2012-07-16 02:38 . 2012-07-16 02:38 101376 ----a-w- c:\windows\system32\drivers\rzudd.sys

2012-07-16 02:32 . 2012-07-16 02:32 143360 ----a-w- c:\windows\SysWow64\rztouchdll.dll

2012-07-16 02:32 . 2012-07-16 02:32 165888 ----a-w- c:\windows\SysWow64\rzaudiodll.dll

2012-06-04 03:28 . 2011-01-30 19:01 58957832 ----a-w- c:\windows\system32\MRT.exe

2012-06-02 22:19 . 2012-06-21 04:17 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 04:17 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 04:17 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 04:17 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 04:17 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 04:17 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 04:17 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-21 04:16 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-21 04:16 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]

2012-07-08 05:20 428712 ----a-w- c:\program files (x86)\DAP\LinkVerifier.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-05 1353080]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]

"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2012-07-08 3774680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]

"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]

"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2011-12-28 467240]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-07-26 1095560]

"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-07-01 314280]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-8-18 113664]

Snagit 10.lnk - c:\program files (x86)\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux7"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]

R3 ALESIS_USB2;Alesis USB2 audio driver;c:\windows\system32\Drivers\alesis2u.sys [2010-04-22 399424]

R3 ALESIS_USB2_A;Alesis USB2 WDM;c:\windows\system32\drivers\alesis2a.sys [2010-04-22 50240]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2006-05-24 13824]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-12 79360]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320]

R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-03-23 12032]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-08-03 16008]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-30 1255736]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]

R3 X6va006;X6va006;c:\users\Paul\AppData\Local\Temp\00623B9.tmp [x]

R4 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-07-26 794560]

R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-17 1038088]

R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-07 8704]

R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]

R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-02-06 54480]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2012-04-18 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\BASHDefs\20120803.001\BHDrvx64.sys [2012-06-19 1161376]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-23 279616]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\IPSDefs\20120815.002\IDSvia64.sys [2012-08-14 509088]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 Apache2.2;Apache2.2;c:\xampplite\apache\bin\httpd.exe [2009-08-06 24640]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-14 138912]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-08-03 22408]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

S3 rzdaendpt;%rzdaendpt.SvcDesc%;c:\windows\system32\DRIVERS\rzdaendpt.sys [2012-07-16 26112]

S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-07-16 101376]

S3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys [2012-07-16 22528]

S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-721158220-2510337960-1424882744-1000Core.job

- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-28 05:22]

.

2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-721158220-2510337960-1424882744-1000UA.job

- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-28 05:22]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

2010-07-28 20:05 397312 ----a-w- c:\program files (x86)\DAP\DAPIELoader64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-06-14 110360]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

"combofix"="c:\combofix\CF10173.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.bing.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm

IE: &Verify with DAP - c:\program files (x86)\DAP\dapverify.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\s2kpkygc.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.speedbit.com/searchresults.asp?src=default&q=

FF - prefs.js: browser.search.selectedEngine - SpeedBit Search

FF - prefs.js: browser.startup.homepage - hxxp://search.speedbit.com

FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

SafeBoot-20837562.sys

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

AddRemove-MySQL ODBC 3.51 Driver - c:\windows\System32\UNWISE.EXE

AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe

AddRemove-{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23} - c:\program files (x86)\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]

"ImagePath"="\??\c:\users\Paul\AppData\Local\Temp\00623B9.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:f2,de,c0,8f,5f,7a,cd,01

.

[HKEY_USERS\S-1-5-21-721158220-2510337960-1424882744-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CE577E52-9A08-AA6D-4E87-944582B122A4}*]

"hakjnbeelomockdb"=hex:6a,61,61,67,69,65,62,70,69,6b,69,6a,69,6d,6e,6b,69,70,

61,67,00,00

"iaekddpodnaihdkhjf"=hex:6a,61,61,67,69,65,62,70,69,6b,69,6a,69,6d,6e,6b,69,70,

61,67,00,00

.

[HKEY_USERS\S-1-5-21-721158220-2510337960-1424882744-1000\Software\SecuROM\License information*]

"datasecu"=hex:28,a5,cf,f2,87,2e,e6,3e,95,05,35,b9,af,f4,f4,9e,6c,ef,ad,a0,3a,

d7,42,1f,03,b6,d6,8f,9d,7e,16,22,b7,10,fc,4d,d8,70,cf,b5,d5,08,9b,fe,0f,00,\

"rkeysecu"=hex:f6,73,5d,ec,09,43,10,ab,85,ec,04,41,ad,f0,c5,d7

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\windows\SysWOW64\astsrv.exe

c:\program files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe

c:\xampplite\mysql\bin\mysqld.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe

c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

.

**************************************************************************

.

Completion time: 2012-08-16 08:30:15 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-16 12:30

.

Pre-Run: 798,514,659,328 bytes free

Post-Run: 802,258,968,576 bytes free

.

- - End Of File - - 8C3BC2940D3FD3A315B60F18F0526821


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name looks like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Ran TFC

TDSSKiller Log

*********************

23:18:52.0350 7292 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05

23:18:52.0590 7292 ============================================================

23:18:52.0590 7292 Current date / time: 2012/08/15 23:18:52.0590

23:18:52.0590 7292 SystemInfo:

23:18:52.0590 7292

23:18:52.0590 7292 OS Version: 6.1.7601 ServicePack: 1.0

23:18:52.0590 7292 Product type: Workstation

23:18:52.0590 7292 ComputerName: OFFICEPC

23:18:52.0590 7292 UserName: Paul

23:18:52.0590 7292 Windows directory: C:\Windows

23:18:52.0590 7292 System windows directory: C:\Windows

23:18:52.0590 7292 Running under WOW64

23:18:52.0590 7292 Processor architecture: Intel x64

23:18:52.0590 7292 Number of processors: 8

23:18:52.0590 7292 Page size: 0x1000

23:18:52.0590 7292 Boot type: Normal boot

23:18:52.0590 7292 ============================================================

23:18:53.0100 7292 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:18:53.0104 7292 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

23:18:53.0106 7292 ============================================================

23:18:53.0106 7292 \Device\Harddisk0\DR0:

23:18:53.0106 7292 MBR partitions:

23:18:53.0106 7292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800

23:18:53.0106 7292 \Device\Harddisk1\DR1:

23:18:53.0107 7292 MBR partitions:

23:18:53.0107 7292 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000

23:18:53.0107 7292 ============================================================

23:18:53.0135 7292 C: <-> \Device\Harddisk0\DR0\Partition1

23:18:53.0190 7292 F: <-> \Device\Harddisk1\DR1\Partition1

23:18:53.0190 7292 ============================================================

23:18:53.0190 7292 Initialize success

23:18:53.0190 7292 ============================================================

23:19:07.0276 7760 ============================================================

23:19:07.0276 7760 Scan started

23:19:07.0276 7760 Mode: Manual;

23:19:07.0276 7760 ============================================================

23:19:08.0979 7760 ================ Scan services =============================

23:19:09.0369 7760 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys

23:19:09.0370 7760 1394ohci - ok

23:19:09.0422 7760 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

23:19:09.0423 7760 ACPI - ok

23:19:09.0462 7760 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

23:19:09.0463 7760 AcpiPmi - ok

23:19:09.0516 7760 [ 2f0683fd2df1d92e891caca14b45a8c1 ] adfs C:\Windows\system32\drivers\adfs.sys

23:19:09.0516 7760 adfs - ok

23:19:09.0560 7760 [ 4ae327c9c375d985ff2a2aab92765218 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

23:19:09.0560 7760 Adobe LM Service - ok

23:19:09.0616 7760 [ 57a3b9a69f14414ace12afd6ba701773 ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

23:19:09.0617 7760 Adobe Version Cue CS4 - ok

23:19:09.0700 7760 [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

23:19:09.0700 7760 AdobeARMservice - ok

23:19:09.0751 7760 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

23:19:09.0754 7760 adp94xx - ok

23:19:09.0760 7760 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

23:19:09.0762 7760 adpahci - ok

23:19:09.0766 7760 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

23:19:09.0767 7760 adpu320 - ok

23:19:09.0786 7760 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

23:19:09.0787 7760 AeLookupSvc - ok

23:19:09.0825 7760 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys

23:19:09.0827 7760 AFD - ok

23:19:09.0838 7760 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

23:19:09.0838 7760 agp440 - ok

23:19:09.0889 7760 [ fd64198759e0f66b3817a1a820b95796 ] ALESIS_USB2 C:\Windows\system32\Drivers\alesis2u.sys

23:19:09.0890 7760 ALESIS_USB2 - ok

23:19:09.0900 7760 [ 573d16c9472223941338baa4e111275a ] ALESIS_USB2_A C:\Windows\system32\drivers\alesis2a.sys

23:19:09.0900 7760 ALESIS_USB2_A - ok

23:19:09.0911 7760 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe

23:19:09.0911 7760 ALG - ok

23:19:09.0919 7760 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys

23:19:09.0919 7760 aliide - ok

23:19:09.0927 7760 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys

23:19:09.0927 7760 amdide - ok

23:19:09.0938 7760 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

23:19:09.0938 7760 AmdK8 - ok

23:19:09.0947 7760 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

23:19:09.0947 7760 AmdPPM - ok

23:19:09.0979 7760 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

23:19:09.0980 7760 amdsata - ok

23:19:09.0984 7760 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

23:19:09.0986 7760 amdsbs - ok

23:19:09.0999 7760 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

23:19:10.0000 7760 amdxata - ok

23:19:10.0065 7760 [ e6058125bb2a573c7bcfe14312fd0be8 ] Apache2.2 C:\xampplite\apache\bin\httpd.exe

23:19:10.0065 7760 Apache2.2 - ok

23:19:10.0111 7760 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys

23:19:10.0111 7760 AppID - ok

23:19:10.0125 7760 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

23:19:10.0126 7760 AppIDSvc - ok

23:19:10.0168 7760 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll

23:19:10.0168 7760 Appinfo - ok

23:19:10.0282 7760 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

23:19:10.0282 7760 Apple Mobile Device - ok

23:19:10.0333 7760 [ 0805ecf10476a091999e4d59d0db71a2 ] Application Updater C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

23:19:10.0335 7760 Application Updater - ok

23:19:10.0384 7760 [ 4aba3e75a76195a3e38ed2766c962899 ] AppMgmt C:\Windows\System32\appmgmts.dll

23:19:10.0385 7760 AppMgmt - ok

23:19:10.0396 7760 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys

23:19:10.0396 7760 arc - ok

23:19:10.0407 7760 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

23:19:10.0408 7760 arcsas - ok

23:19:10.0447 7760 [ 6d9c024aa8f24065a6dbeab1f431d854 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys

23:19:10.0448 7760 asmthub3 - ok

23:19:10.0495 7760 [ ecad22f15d8f17cc04f24e9a6fb00f2f ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys

23:19:10.0496 7760 asmtxhci - ok

23:19:10.0626 7760 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

23:19:10.0627 7760 aspnet_state - ok

23:19:10.0654 7760 astcc - ok

23:19:10.0678 7760 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

23:19:10.0678 7760 AsyncMac - ok

23:19:10.0707 7760 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys

23:19:10.0707 7760 atapi - ok

23:19:10.0724 7760 AthBTPort - ok

23:19:10.0762 7760 [ 4ecc791539f23982411864037d1ac8fc ] ATHDFU C:\Windows\system32\Drivers\AthDfu.sys

23:19:10.0763 7760 ATHDFU - ok

23:19:10.0817 7760 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

23:19:10.0821 7760 AudioEndpointBuilder - ok

23:19:10.0828 7760 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

23:19:10.0830 7760 AudioSrv - ok

23:19:10.0894 7760 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll

23:19:10.0895 7760 AxInstSV - ok

23:19:10.0933 7760 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

23:19:10.0936 7760 b06bdrv - ok

23:19:10.0977 7760 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

23:19:10.0978 7760 b57nd60a - ok

23:19:10.0995 7760 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll

23:19:10.0997 7760 BDESVC - ok

23:19:11.0009 7760 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

23:19:11.0009 7760 Beep - ok

23:19:11.0216 7760 [ c8ab71a5102d0fc103f6dfc750005137 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\BASHDefs\20120803.001\BHDrvx64.sys

23:19:11.0220 7760 BHDrvx64 - ok

23:19:11.0238 7760 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

23:19:11.0238 7760 blbdrive - ok

23:19:11.0330 7760 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

23:19:11.0332 7760 Bonjour Service - ok

23:19:11.0382 7760 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

23:19:11.0383 7760 bowser - ok

23:19:11.0398 7760 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

23:19:11.0398 7760 BrFiltLo - ok

23:19:11.0410 7760 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

23:19:11.0411 7760 BrFiltUp - ok

23:19:11.0464 7760 [ 8ef0d5c41ec907751b8429162b1239ed ] Browser C:\Windows\System32\browser.dll

23:19:11.0465 7760 Browser - ok

23:19:11.0512 7760 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys

23:19:11.0514 7760 Brserid - ok

23:19:11.0524 7760 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

23:19:11.0524 7760 BrSerWdm - ok

23:19:11.0537 7760 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

23:19:11.0537 7760 BrUsbMdm - ok

23:19:11.0542 7760 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

23:19:11.0543 7760 BrUsbSer - ok

23:19:11.0545 7760 BTATH_A2DP - ok

23:19:11.0563 7760 BTATH_BUS - ok

23:19:11.0565 7760 BTATH_HCRP - ok

23:19:11.0567 7760 BTATH_LWFLT - ok

23:19:11.0568 7760 BTATH_RCP - ok

23:19:11.0604 7760 [ cf98190a94f62e405c8cb255018b2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

23:19:11.0605 7760 BthEnum - ok

23:19:11.0615 7760 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

23:19:11.0615 7760 BTHMODEM - ok

23:19:11.0640 7760 [ 02dd601b708dd0667e1331fa8518e9ff ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

23:19:11.0640 7760 BthPan - ok

23:19:11.0661 7760 [ 64c198198501f7560ee41d8d1efa7952 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys

23:19:11.0664 7760 BTHPORT - ok

23:19:11.0687 7760 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll

23:19:11.0688 7760 bthserv - ok

23:19:11.0719 7760 [ f188b7394d81010767b6df3178519a37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys

23:19:11.0719 7760 BTHUSB - ok

23:19:11.0763 7760 [ 3014ca345e8ad68587babfb162dddec5 ] Capture Device Service C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe

23:19:11.0764 7760 Capture Device Service - ok

23:19:11.0857 7760 [ 2c6ffcca37b002aab3c7c31a6d780a76 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys

23:19:11.0858 7760 ccSet_NIS - ok

23:19:11.0879 7760 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

23:19:11.0880 7760 cdfs - ok

23:19:11.0922 7760 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

23:19:11.0923 7760 cdrom - ok

23:19:11.0975 7760 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll

23:19:11.0976 7760 CertPropSvc - ok

23:19:11.0983 7760 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys

23:19:11.0984 7760 circlass - ok

23:19:12.0024 7760 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys

23:19:12.0026 7760 CLFS - ok

23:19:12.0069 7760 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:19:12.0071 7760 clr_optimization_v2.0.50727_32 - ok

23:19:12.0106 7760 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

23:19:12.0108 7760 clr_optimization_v2.0.50727_64 - ok

23:19:12.0190 7760 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:19:12.0191 7760 clr_optimization_v4.0.30319_32 - ok

23:19:12.0204 7760 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

23:19:12.0204 7760 clr_optimization_v4.0.30319_64 - ok

23:19:12.0221 7760 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

23:19:12.0221 7760 CmBatt - ok

23:19:12.0233 7760 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys

23:19:12.0234 7760 cmdide - ok

23:19:12.0293 7760 [ c4943b6c962e4b82197542447ad599f4 ] CNG C:\Windows\system32\Drivers\cng.sys

23:19:12.0296 7760 CNG - ok

23:19:12.0333 7760 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

23:19:12.0334 7760 Compbatt - ok

23:19:12.0386 7760 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

23:19:12.0386 7760 CompositeBus - ok

23:19:12.0404 7760 COMSysApp - ok

23:19:12.0440 7760 [ 71879a4ab90d21bccf9e3cfcf0bb5f4a ] copperhd C:\Windows\system32\drivers\copperhd.sys

23:19:12.0440 7760 copperhd - ok

23:19:12.0450 7760 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

23:19:12.0451 7760 crcdisk - ok

23:19:12.0501 7760 [ c0ead9f8ab83d41ff07303c75589c2b8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

23:19:12.0501 7760 Creative Audio Engine Licensing Service - ok

23:19:12.0537 7760 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll

23:19:12.0538 7760 CryptSvc - ok

23:19:12.0573 7760 [ 54da3dfd29ed9f1619b6f53f3ce55e49 ] CSC C:\Windows\system32\drivers\csc.sys

23:19:12.0575 7760 CSC - ok

23:19:12.0613 7760 [ 3ab183ab4d2c79dcf459cd2c1266b043 ] CscService C:\Windows\System32\cscsvc.dll

23:19:12.0618 7760 CscService - ok

23:19:12.0655 7760 [ 148c9c111291c41d6b2abfb6fbb43856 ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS

23:19:12.0657 7760 CT20XUT - ok

23:19:12.0681 7760 [ 148c9c111291c41d6b2abfb6fbb43856 ] CT20XUT.SYS C:\Windows\System32\drivers\CT20XUT.SYS

23:19:12.0682 7760 CT20XUT.SYS - ok

23:19:12.0711 7760 [ 397fbd4454e5b2fb77e55d1013df548c ] ctac32k C:\Windows\system32\drivers\ctac32k.sys

23:19:12.0715 7760 ctac32k - ok

23:19:12.0737 7760 [ 50a8cd4df066fe57d0c473a2645988cc ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys

23:19:12.0742 7760 ctaud2k - ok

23:19:12.0816 7760 [ 5ce3d0e1d1b3832ee052cfc442eee0fa ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

23:19:12.0817 7760 CTAudSvcService - ok

23:19:12.0848 7760 [ 6f9c3c6c78f5296f4bc7102fb0f7cb65 ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS

23:19:12.0873 7760 CTEXFIFX - ok

23:19:12.0889 7760 [ 6f9c3c6c78f5296f4bc7102fb0f7cb65 ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS

23:19:12.0893 7760 CTEXFIFX.SYS - ok

23:19:12.0905 7760 [ ae78ca7ee865a28ac841211db655acf3 ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS

23:19:12.0905 7760 CTHWIUT - ok

23:19:12.0915 7760 [ ae78ca7ee865a28ac841211db655acf3 ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS

23:19:12.0915 7760 CTHWIUT.SYS - ok

23:19:12.0950 7760 [ 757776e207ca5e71e4a16bd1260ae1f2 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys

23:19:12.0951 7760 ctprxy2k - ok

23:19:12.0971 7760 [ 9b111ee2f488a8d9c21a13ed4c777795 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys

23:19:12.0972 7760 ctsfm2k - ok

23:19:13.0008 7760 [ 003626f7ca17c204f16cd5047af0703a ] danewFltr C:\Windows\system32\drivers\danew.sys

23:19:13.0008 7760 danewFltr - ok

23:19:13.0063 7760 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll

23:19:13.0065 7760 DcomLaunch - ok

23:19:13.0084 7760 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll

23:19:13.0086 7760 defragsvc - ok

23:19:13.0116 7760 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

23:19:13.0116 7760 DfsC - ok

23:19:13.0151 7760 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll

23:19:13.0153 7760 Dhcp - ok

23:19:13.0170 7760 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys

23:19:13.0170 7760 discache - ok

23:19:13.0191 7760 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys

23:19:13.0191 7760 Disk - ok

23:19:13.0221 7760 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

23:19:13.0223 7760 Dnscache - ok

23:19:13.0261 7760 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll

23:19:13.0263 7760 dot3svc - ok

23:19:13.0320 7760 [ b42ed0320c6e41102fde0005154849bb ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys

23:19:13.0321 7760 Dot4 - ok

23:19:13.0359 7760 [ e9f5969233c5d89f3c35e3a66a52a361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys

23:19:13.0359 7760 Dot4Print - ok

23:19:13.0380 7760 [ fd05a02b0370bc3000f402e543ca5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys

23:19:13.0380 7760 dot4usb - ok

23:19:13.0392 7760 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll

23:19:13.0393 7760 DPS - ok

23:19:13.0437 7760 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

23:19:13.0438 7760 drmkaud - ok

23:19:13.0502 7760 [ 400582b09e0bb557d0ec28a945150eeb ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys

23:19:13.0503 7760 dtsoftbus01 - ok

23:19:13.0545 7760 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

23:19:13.0548 7760 DXGKrnl - ok

23:19:13.0567 7760 [ 6bafd9819d9fec2edbaebc8493c711a4 ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys

23:19:13.0568 7760 e1cexpress - ok

23:19:13.0583 7760 EagleX64 - ok

23:19:13.0607 7760 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll

23:19:13.0608 7760 EapHost - ok

23:19:13.0652 7760 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

23:19:13.0694 7760 ebdrv - ok

23:19:13.0754 7760 [ 4353ff94d47a0a9d52b89eccf0cdb013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

23:19:13.0756 7760 eeCtrl - ok

23:19:13.0803 7760 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe

23:19:13.0804 7760 EFS - ok

23:19:13.0842 7760 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

23:19:13.0848 7760 ehRecvr - ok

23:19:13.0868 7760 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe

23:19:13.0870 7760 ehSched - ok

23:19:13.0912 7760 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

23:19:13.0916 7760 elxstor - ok

23:19:13.0955 7760 [ 683dcaf0d4efc3f95a32e8924849202d ] emupia C:\Windows\system32\drivers\emupia2k.sys

23:19:13.0955 7760 emupia - ok

23:19:13.0993 7760 [ c5bccb378d0a896304a3e71be7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

23:19:13.0994 7760 EraserUtilRebootDrv - ok

23:19:14.0030 7760 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys

23:19:14.0030 7760 ErrDev - ok

23:19:14.0051 7760 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll

23:19:14.0053 7760 EventSystem - ok

23:19:14.0091 7760 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys

23:19:14.0091 7760 exfat - ok

23:19:14.0105 7760 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys

23:19:14.0106 7760 fastfat - ok

23:19:14.0148 7760 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe

23:19:14.0154 7760 Fax - ok

23:19:14.0162 7760 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys

23:19:14.0163 7760 fdc - ok

23:19:14.0182 7760 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll

23:19:14.0182 7760 fdPHost - ok

23:19:14.0194 7760 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

23:19:14.0194 7760 FDResPub - ok

23:19:14.0201 7760 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

23:19:14.0201 7760 FileInfo - ok

23:19:14.0207 7760 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

23:19:14.0207 7760 Filetrace - ok

23:19:14.0232 7760 [ 1f63900e2eb00101b9aca2b7a870704e ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

23:19:14.0234 7760 FLEXnet Licensing Service - ok

23:19:14.0274 7760 [ 1c3fb052a0bb72edaed90785c34d6eed ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe


23:19:23.0138 7760 SymNetS - ok

23:19:23.0188 7760 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll

23:19:23.0213 7760 SysMain - ok

23:19:23.0250 7760 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

23:19:23.0251 7760 TabletInputService - ok

23:19:23.0266 7760 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

23:19:23.0268 7760 TapiSrv - ok

23:19:23.0276 7760 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll

23:19:23.0277 7760 TBS - ok

23:19:23.0325 7760 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

23:19:23.0350 7760 Tcpip - ok

23:19:23.0408 7760 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

23:19:23.0414 7760 TCPIP6 - ok

23:19:23.0448 7760 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

23:19:23.0448 7760 tcpipreg - ok

23:19:23.0469 7760 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

23:19:23.0470 7760 TDPIPE - ok

23:19:23.0503 7760 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

23:19:23.0504 7760 TDTCP - ok

23:19:23.0539 7760 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

23:19:23.0540 7760 tdx - ok

23:19:23.0586 7760 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys

23:19:23.0586 7760 TermDD - ok

23:19:23.0605 7760 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll

23:19:23.0609 7760 TermService - ok

23:19:23.0619 7760 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll

23:19:23.0620 7760 Themes - ok

23:19:23.0636 7760 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll

23:19:23.0636 7760 THREADORDER - ok

23:19:23.0648 7760 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll

23:19:23.0649 7760 TrkWks - ok

23:19:23.0675 7760 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

23:19:23.0677 7760 TrustedInstaller - ok

23:19:23.0703 7760 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

23:19:23.0703 7760 tssecsrv - ok

23:19:23.0735 7760 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

23:19:23.0736 7760 TsUsbFlt - ok

23:19:23.0786 7760 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

23:19:23.0787 7760 tunnel - ok

23:19:23.0804 7760 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

23:19:23.0804 7760 uagp35 - ok

23:19:23.0820 7760 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

23:19:23.0823 7760 udfs - ok

23:19:23.0834 7760 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

23:19:23.0835 7760 UI0Detect - ok

23:19:23.0845 7760 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

23:19:23.0846 7760 uliagpkx - ok

23:19:23.0878 7760 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\drivers\umbus.sys

23:19:23.0879 7760 umbus - ok

23:19:23.0899 7760 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

23:19:23.0900 7760 UmPass - ok

23:19:23.0913 7760 [ a293dcd756d04d8492a750d03b9a297c ] UmRdpService C:\Windows\System32\umrdp.dll

23:19:23.0915 7760 UmRdpService - ok

23:19:23.0927 7760 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll

23:19:23.0930 7760 upnphost - ok

23:19:23.0978 7760 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

23:19:23.0978 7760 USBAAPL64 - ok

23:19:24.0022 7760 [ 82e8f44688e6fac57b5b7c6fc7adbc2a ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

23:19:24.0023 7760 usbaudio - ok

23:19:24.0058 7760 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

23:19:24.0059 7760 usbccgp - ok

23:19:24.0090 7760 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

23:19:24.0091 7760 usbcir - ok

23:19:24.0122 7760 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\drivers\usbehci.sys

23:19:24.0122 7760 usbehci - ok

23:19:24.0134 7760 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

23:19:24.0135 7760 usbhub - ok

23:19:24.0164 7760 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

23:19:24.0164 7760 usbohci - ok

23:19:24.0205 7760 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

23:19:24.0206 7760 usbprint - ok

23:19:24.0251 7760 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

23:19:24.0251 7760 usbscan - ok

23:19:24.0284 7760 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:19:24.0284 7760 USBSTOR - ok

23:19:24.0306 7760 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

23:19:24.0307 7760 usbuhci - ok

23:19:24.0326 7760 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll

23:19:24.0327 7760 UxSms - ok

23:19:24.0338 7760 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe

23:19:24.0339 7760 VaultSvc - ok

23:19:24.0387 7760 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

23:19:24.0387 7760 vdrvroot - ok

23:19:24.0429 7760 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe

23:19:24.0433 7760 vds - ok

23:19:24.0442 7760 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

23:19:24.0442 7760 vga - ok

23:19:24.0455 7760 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys

23:19:24.0455 7760 VgaSave - ok

23:19:24.0473 7760 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

23:19:24.0474 7760 vhdmp - ok

23:19:24.0488 7760 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys

23:19:24.0488 7760 viaide - ok

23:19:24.0527 7760 [ 3b59bb6d10cf969dbe4db93d9ead7fb4 ] VKbms C:\Windows\system32\DRIVERS\VKbms.sys

23:19:24.0527 7760 VKbms - ok

23:19:24.0562 7760 [ 86ea3e79ae350fea5331a1303054005f ] vmbus C:\Windows\system32\drivers\vmbus.sys

23:19:24.0563 7760 vmbus - ok

23:19:24.0592 7760 [ 7de90b48f210d29649380545db45a187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

23:19:24.0592 7760 VMBusHID - ok

23:19:24.0616 7760 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

23:19:24.0616 7760 volmgr - ok

23:19:24.0646 7760 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

23:19:24.0648 7760 volmgrx - ok

23:19:24.0664 7760 [ df8126bd41180351a093a3ad2fc8903b ] volsnap C:\Windows\system32\drivers\volsnap.sys

23:19:24.0665 7760 volsnap - ok

23:19:24.0704 7760 [ b4a73ca4ef9a02b9738cea9ad5fe5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys

23:19:24.0705 7760 vpcbus - ok

23:19:24.0756 7760 [ e675fb2b48c54f09895482e2253b289c ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys

23:19:24.0756 7760 vpcnfltr - ok

23:19:24.0769 7760 [ 5fb42082b0d19a0268705f1dd343df20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys

23:19:24.0770 7760 vpcusb - ok

23:19:24.0825 7760 [ 207b6539799cc1c112661a9b620dd233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys

23:19:24.0827 7760 vpcvmm - ok

23:19:24.0868 7760 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

23:19:24.0869 7760 vsmraid - ok

23:19:24.0898 7760 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe

23:19:24.0922 7760 VSS - ok

23:19:24.0932 7760 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

23:19:24.0933 7760 vwifibus - ok

23:19:24.0952 7760 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll

23:19:24.0955 7760 W32Time - ok

23:19:24.0970 7760 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

23:19:24.0971 7760 WacomPen - ok

23:19:25.0008 7760 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

23:19:25.0008 7760 WANARP - ok

23:19:25.0023 7760 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

23:19:25.0024 7760 Wanarpv6 - ok

23:19:25.0072 7760 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

23:19:25.0089 7760 WatAdminSvc - ok

23:19:25.0117 7760 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe

23:19:25.0142 7760 wbengine - ok

23:19:25.0159 7760 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

23:19:25.0161 7760 WbioSrvc - ok

23:19:25.0199 7760 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll

23:19:25.0202 7760 wcncsvc - ok

23:19:25.0208 7760 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

23:19:25.0210 7760 WcsPlugInService - ok

23:19:25.0217 7760 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys

23:19:25.0218 7760 Wd - ok

23:19:25.0235 7760 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

23:19:25.0240 7760 Wdf01000 - ok

23:19:25.0243 7760 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll

23:19:25.0244 7760 WdiServiceHost - ok

23:19:25.0246 7760 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll

23:19:25.0247 7760 WdiSystemHost - ok

23:19:25.0279 7760 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll

23:19:25.0281 7760 WebClient - ok

23:19:25.0295 7760 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll

23:19:25.0298 7760 Wecsvc - ok

23:19:25.0310 7760 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

23:19:25.0311 7760 wercplsupport - ok

23:19:25.0345 7760 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll

23:19:25.0347 7760 WerSvc - ok

23:19:25.0359 7760 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

23:19:25.0359 7760 WfpLwf - ok

23:19:25.0368 7760 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys

23:19:25.0370 7760 WIMMount - ok

23:19:25.0372 7760 WinHttpAutoProxySvc - ok

23:19:25.0404 7760 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

23:19:25.0405 7760 Winmgmt - ok

23:19:25.0437 7760 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll

23:19:25.0461 7760 WinRM - ok

23:19:25.0525 7760 [ fe88b288356e7b47b74b13372add906d ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys

23:19:25.0525 7760 WinUSB - ok

23:19:25.0542 7760 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll

23:19:25.0549 7760 Wlansvc - ok

23:19:25.0618 7760 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

23:19:25.0619 7760 wlcrasvc - ok

23:19:25.0694 7760 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

23:19:25.0701 7760 wlidsvc - ok

23:19:25.0754 7760 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

23:19:25.0754 7760 WmiAcpi - ok

23:19:25.0767 7760 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

23:19:25.0768 7760 wmiApSrv - ok

23:19:25.0780 7760 WMPNetworkSvc - ok

23:19:25.0868 7760 [ 83b6ca03c846fcd47f9883d77d1eb27b ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe

23:19:25.0869 7760 WMZuneComm - ok

23:19:25.0908 7760 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll

23:19:25.0909 7760 WPCSvc - ok

23:19:25.0946 7760 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

23:19:25.0948 7760 WPDBusEnum - ok

23:19:25.0961 7760 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

23:19:25.0962 7760 ws2ifsl - ok

23:19:25.0964 7760 WSearch - ok

23:19:25.0993 7760 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

23:19:25.0994 7760 WudfPf - ok

23:19:26.0025 7760 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

23:19:26.0027 7760 wudfsvc - ok

23:19:26.0044 7760 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll

23:19:26.0046 7760 WwanSvc - ok

23:19:26.0159 7760 X6va006 - ok

23:19:26.0235 7760 [ 4a5ce13408945e525503b5f73d29b9c5 ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys

23:19:26.0240 7760 xnacc - ok

23:19:26.0369 7760 [ 67b787c34fb2888d01b130ae007042d8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe

23:19:26.0395 7760 ZuneNetworkSvc - ok

23:19:26.0435 7760 [ 4d89fc1c20cf655739efac5da81a67bc ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe

23:19:26.0437 7760 ZuneWlanCfgSvc - ok

23:19:26.0461 7760 ================ Scan global ===============================

23:19:26.0485 7760 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll

23:19:26.0524 7760 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll

23:19:26.0529 7760 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll

23:19:26.0544 7760 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll

23:19:26.0567 7760 (014a9cb92514e27c0107614df764bc06) C:\Windows\system32\services.exe

23:19:26.0569 7760 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected

23:19:26.0569 7760 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)

23:19:26.0569 7760 ================ Scan MBR ==================================

23:19:26.0588 7760 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

23:19:26.0789 7760 \Device\Harddisk0\DR0 - ok

23:19:26.0792 7760 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

23:19:26.0795 7760 \Device\Harddisk1\DR1 - ok

23:19:26.0796 7760 ================ Scan VBR ==================================

23:19:26.0798 7760 Boot (0x1200) (3f11c4a25370292e189e65ac8fc33ff4) \Device\Harddisk0\DR0\Partition1

23:19:26.0802 7760 \Device\Harddisk0\DR0\Partition1 - ok

23:19:26.0803 7760 Boot (0x1200) (b65dc01482000b3cfe720575633d3840) \Device\Harddisk1\DR1\Partition1

23:19:26.0806 7760 \Device\Harddisk1\DR1\Partition1 - ok

23:19:26.0806 7760 ============================================================

23:19:26.0806 7760 Scan finished

23:19:26.0806 7760 ============================================================

23:19:26.0811 7964 Detected object count: 1

23:19:26.0811 7964 Actual detected object count: 1

23:19:40.0369 7964 C:\Windows\system32\services.exe - copied to quarantine

23:19:43.0014 7964 C:\Windows\installer\{211f9ea7-01dc-c8ef-6820-40cb023b9523}\@ - copied to quarantine

23:19:43.0016 7964 C:\Windows\installer\{211f9ea7-01dc-c8ef-6820-40cb023b9523}\L\00000004.@ - copied to quarantine

23:19:43.0017 7964 C:\Windows\installer\{211f9ea7-01dc-c8ef-6820-40cb023b9523}\L\201d3dde - copied to quarantine

23:19:43.0019 7964 C:\Windows\installer\{211f9ea7-01dc-c8ef-6820-40cb023b9523}\U\00000008.@ - copied to quarantine

23:19:43.0136 7964 C:\Users\Paul\AppData\Local\{211f9ea7-01dc-c8ef-6820-40cb023b9523}\@ - copied to quarantine

23:19:43.0223 7964 C:\Users\Paul\AppData\Local\{211f9ea7-01dc-c8ef-6820-40cb023b9523}\U\00000008.@ - copied to quarantine

23:19:50.0493 7964 Backup copy found, using it..

23:19:50.0542 7964 C:\Windows\installer\{211f9ea7-01dc-c8ef-6820-40cb023b9523}\@ - will be deleted on reboot

23:19:50.0542 7964 C:\Windows\installer\{211f9ea7-01dc-c8ef-6820-40cb023b9523}\U\00000008.@ - will be deleted on reboot

23:19:50.0546 7964 C:\Users\Paul\AppData\Local\{211f9ea7-01dc-c8ef-6820-40cb023b9523}\@ - will be deleted on reboot

23:19:50.0546 7964 C:\Users\Paul\AppData\Local\{211f9ea7-01dc-c8ef-6820-40cb023b9523}\U\00000008.@ - will be deleted on reboot

23:19:50.0551 7964 C:\Windows\system32\services.exe - will be cured on reboot

23:19:50.0551 7964 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure

23:20:09.0789 6528 Deinitialize success

*****************************

ESET Online Scanner found nothing

AdwCleaner.exe Log

******************************

# AdwCleaner v1.801 - Logfile created 08/19/2012 at 08:14:17

# Updated 14/08/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Paul - OFFICEPC

# Boot Mode : Normal

# Running from : C:\Users\Paul\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

Folder Deleted : C:\Users\Paul\AppData\LocalLow\Search Settings

Folder Deleted : C:\Users\Sandy\AppData\LocalLow\Search Settings

Folder Deleted : C:\Program Files (x86)\Application Updater

Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com

Folder Deleted : C:\Program Files (x86)\Common Files\spigot

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\Search Settings

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\Application Updater

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL

Key Deleted : HKLM\SOFTWARE\Freeze.com

Key Deleted : HKLM\SOFTWARE\Search Settings

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings]

[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default

File : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\s2kpkygc.default\prefs.js

[OK] File is clean.

Profile name : default

File : C:\Users\Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\vdmb71nk.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.79

File : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",

-\\ Opera v11.52.1100.0

File : C:\Users\Paul\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2600 octets] - [19/08/2012 08:12:51]

AdwCleaner[s1].txt - [288 octets] - [19/08/2012 08:13:52]

AdwCleaner[s2].txt - [2318 octets] - [19/08/2012 08:14:17]

########## EOF - C:\AdwCleaner[s2].txt - [2446 octets] ##########

**************************

Security Check Log

**************************

Results of screen317's Security Check version 0.99.46

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Java 6 Update 33

Java version out of Date!

Adobe Reader X (10.1.4)

Mozilla Firefox 13.0.1 Firefox out of Date!

Google Chrome 21.0.1180.77

Google Chrome 21.0.1180.79

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 7%

````````````````````End of Log``````````````````````

**************************

It looks like it's gone. Norton no longer detects it either.

Thanks for all your help!


  • 2 weeks later...

Whoops. I didn't get the email notification of your reply.

=====

ComboFix 12-08-28.03 - Paul 08/29/2012 7:02.3.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16359.11900 [GMT -4:00]

Running from: c:\users\Paul\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Paul\AppData\Local\Temp\{F11AD720-0663-4791-9DB4-0B625E56257B}\fpb.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))

.

.

2012-08-29 11:06 . 2012-08-29 11:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-08-29 11:06 . 2012-08-29 11:06 -------- d-----w- c:\users\Sandy\AppData\Local\temp

2012-08-29 11:06 . 2012-08-29 11:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-29 02:15 . 2012-08-29 02:15 -------- d-----w- c:\users\Paul\Adobe Flash Builder 4.6

2012-08-29 02:07 . 2011-10-17 07:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys

2012-08-29 02:07 . 2011-10-17 07:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2012-08-29 02:07 . 2012-08-29 02:07 -------- d-----w- c:\program files (x86)\My Company Name

2012-08-28 13:25 . 2012-08-28 13:25 -------- d-----w- c:\users\Sandy\AppData\Roaming\Malwarebytes

2012-08-21 11:19 . 2012-08-21 11:19 -------- d-----w- c:\users\Paul\AppData\Local\ArmA 2 Free

2012-08-21 11:16 . 2012-08-21 11:16 -------- d-----w- c:\program files (x86)\Bohemia Interactive

2012-08-20 13:02 . 2012-08-20 13:02 -------- d-----w- c:\users\Sandy\AppData\Local\Razer

2012-08-19 05:36 . 2012-08-19 05:36 -------- d-----w- c:\program files (x86)\ESET

2012-08-16 13:26 . 2012-08-16 13:26 -------- d-----w- c:\users\Paul\AppData\Local\Macromedia

2012-08-15 23:34 . 2012-08-15 23:34 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes

2012-08-15 23:34 . 2012-08-15 23:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-15 23:34 . 2012-08-15 23:34 -------- d-----w- c:\programdata\Malwarebytes

2012-08-15 23:34 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-15 23:11 . 2012-08-15 23:11 -------- d-----w- c:\users\Paul\AppData\Roaming\PC Cleaners

2012-08-15 23:11 . 2012-08-15 23:11 4270392 ----a-w- c:\windows\uninst.exe

2012-08-15 23:11 . 2012-08-15 23:11 -------- d-----w- c:\users\Paul\AppData\Roaming\PCPro

2012-08-15 23:11 . 2012-08-15 23:11 -------- d-----w- c:\programdata\PC1Data

2012-08-15 23:06 . 2012-08-15 23:06 -------- d-----w- c:\program files\Enigma Software Group

2012-08-15 17:46 . 2012-08-16 02:33 -------- d-----w- C:\NBRT

2012-08-15 13:33 . 2009-05-18 07:47 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-15 13:33 . 2012-08-15 13:33 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64

2012-08-15 13:33 . 2012-08-15 13:33 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard

2012-08-15 05:45 . 2012-08-15 23:02 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys

2012-08-15 05:34 . 2012-08-15 13:23 -------- d-----w- c:\users\Paul\AppData\Local\NPE

2012-08-15 05:31 . 2012-08-15 05:31 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2012-08-15 05:30 . 2012-08-15 05:30 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-08-15 05:30 . 2012-08-15 05:30 -------- d-----w- c:\program files\Symantec

2012-08-15 05:30 . 2012-08-15 05:30 -------- d-----w- c:\windows\system32\drivers\NISx64

2012-08-15 05:30 . 2012-08-15 05:30 -------- d-----w- c:\program files (x86)\Norton Internet Security

2012-08-15 05:27 . 2012-08-15 13:32 -------- d-----w- c:\program files (x86)\NortonInstaller

2012-08-15 04:41 . 2012-08-15 04:41 588800 ----a-w- c:\windows\SysWow64\rzdevicedll.dll

2012-08-15 04:34 . 2012-08-15 05:30 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-08-15 04:33 . 2012-08-15 09:05 -------- d-----w- c:\windows\system32\drivers\N360x64

2012-08-15 01:32 . 2012-08-15 01:32 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-08-15 01:19 . 2012-08-15 01:19 -------- d-----w- c:\users\Paul\AppData\Local\Razer

2012-08-15 01:19 . 2012-08-15 01:19 -------- d-----w- c:\programdata\Razer

2012-08-14 20:57 . 2012-08-14 20:57 -------- d-----w- c:\program files\WinPcap

2012-08-14 20:56 . 2012-08-14 20:59 -------- d-----w- c:\program files (x86)\Spiceworks

2012-08-13 20:41 . 2012-08-14 01:44 -------- d-----w- C:\UT2004

2012-08-13 17:35 . 2012-08-13 17:35 5115584 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2012-08-12 17:58 . 2012-08-12 17:58 -------- d-----w- c:\users\Paul\AppData\Local\Demiurge Studios

2012-08-11 21:48 . 2012-08-11 21:48 -------- d-----w- c:\programdata\Nexon

2012-08-11 03:23 . 2012-08-11 03:23 -------- d-----w- c:\users\Paul\AppData\Local\SplitMediaLabs

2012-08-11 03:22 . 2012-08-11 03:22 -------- d-----w- c:\programdata\SplitMediaLabs

2012-08-11 03:22 . 2012-08-11 03:22 -------- d-----w- c:\program files (x86)\SplitMediaLabs

2012-08-11 03:22 . 2012-08-11 03:22 -------- d-----w- c:\users\Paul\AppData\Roaming\SplitMediaLabs

2012-08-10 14:08 . 2012-08-10 14:08 -------- d-----w- c:\program files (x86)\WDP

2012-08-07 06:21 . 2012-08-07 06:21 143360 ----a-w- c:\windows\SysWow64\rztouchdll.dll

2012-08-07 06:21 . 2012-08-07 06:21 165888 ----a-w- c:\windows\SysWow64\rzaudiodll.dll

2012-08-04 03:23 . 2012-08-15 23:36 -------- d-----w- c:\users\Paul\AppData\Roaming\Skype

2012-08-04 03:23 . 2012-08-04 03:24 -------- d-----r- c:\program files (x86)\Skype

2012-08-04 03:23 . 2012-08-04 03:23 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-08-04 03:23 . 2012-08-26 03:04 -------- d-----w- c:\programdata\Skype

2012-07-31 16:06 . 2012-07-31 16:06 -------- d-----w- c:\program files (x86)\YTD Toolbar

2012-07-31 08:22 . 2012-07-31 08:22 26112 ----a-w- c:\windows\system32\drivers\rzdaendpt.sys

2012-07-31 08:22 . 2012-07-31 08:22 7168 ----a-w- c:\windows\system32\drivers\rzkbdhid.sys

2012-07-31 08:22 . 2012-07-31 08:22 22528 ----a-w- c:\windows\system32\drivers\rzvkeyboard.sys

2012-07-31 08:22 . 2012-07-31 08:22 105984 ----a-w- c:\windows\system32\drivers\rzudd.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-16 13:25 . 2012-04-07 00:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-16 13:25 . 2011-10-28 04:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-16 03:23 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe

2012-07-29 23:56 . 2012-07-29 23:57 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-07-29 23:56 . 2011-03-05 17:36 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-06-04 03:28 . 2011-01-30 19:01 58957832 ----a-w- c:\windows\system32\MRT.exe

2012-06-02 22:19 . 2012-06-21 04:17 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 04:17 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 04:17 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 04:17 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 04:17 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 04:17 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 04:17 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-21 04:16 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-21 04:16 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

((((((((((((((((((((((((((((( SnapShot_2012-08-29_03.52.18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2012-08-29 11:10 44944 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-01-29 18:55 . 2012-08-29 11:10 16000 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-721158220-2510337960-1424882744-1000_UserData.bin

+ 2012-08-29 11:08 . 2012-08-29 11:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-08-27 20:25 . 2012-08-27 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-29 11:08 . 2012-08-29 11:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-27 20:25 . 2012-08-27 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 02:36 . 2012-08-29 04:03 806734 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-08-29 11:06 512080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 02:36 . 2012-08-29 04:03 2661766 c:\windows\system32\perfh009.dat

+ 2009-07-14 04:45 . 2012-08-29 11:10 4443472 c:\windows\system32\FNTCACHE.DAT

+ 2011-05-04 23:56 . 2012-08-29 11:06 6513320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-721158220-2510337960-1424882744-1000-12288.dat

+ 2011-07-13 12:11 . 2012-08-29 11:06 42782616 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-721158220-2510337960-1424882744-1003-8192.dat

+ 2011-07-13 12:11 . 2012-08-29 11:06 48007328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-721158220-2510337960-1424882744-1003-4096.dat

+ 2011-01-30 18:29 . 2012-08-29 11:06 46569216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-721158220-2510337960-1424882744-1000-8192.dat

+ 2011-04-07 11:58 . 2012-08-29 11:06 20132246 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-721158220-2510337960-1424882744-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]

2012-07-08 05:20 428712 ----a-w- c:\program files (x86)\DAP\LinkVerifier.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-05 1353080]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]

"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2012-07-08 3774680]

"AdobeBridge"="" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]

"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2011-12-28 467240]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-08-10 316840]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-8-18 113664]

Snagit 10.lnk - c:\program files (x86)\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux7"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]

R3 ALESIS_USB2;Alesis USB2 audio driver;c:\windows\system32\Drivers\alesis2u.sys [2010-04-22 399424]

R3 ALESIS_USB2_A;Alesis USB2 WDM;c:\windows\system32\drivers\alesis2a.sys [2010-04-22 50240]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2006-05-24 13824]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-12 79360]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320]

R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-03-23 12032]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-08-03 16008]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-30 1255736]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]

R3 X6va006;X6va006;c:\users\Paul\AppData\Local\Temp\00623B9.tmp [x]

R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-17 1038088]

R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-07 8704]

R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]

R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2012-04-18 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\BASHDefs\20120823.005\BHDrvx64.sys [2012-08-21 1385120]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-23 279616]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\IPSDefs\20120828.001\IDSvia64.sys [2012-08-22 512672]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 Apache2.2;Apache2.2;c:\xampplite\apache\bin\httpd.exe [2009-08-06 24640]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-14 138912]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-08-03 22408]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

S3 rzdaendpt;%rzdaendpt.SvcDesc%;c:\windows\system32\DRIVERS\rzdaendpt.sys [2012-07-31 26112]

S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-07-31 105984]

S3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys [2012-07-31 22528]

S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-721158220-2510337960-1424882744-1000Core.job

- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-28 05:22]

.

2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-721158220-2510337960-1424882744-1000UA.job

- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-28 05:22]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

2010-07-28 20:05 397312 ----a-w- c:\program files (x86)\DAP\DAPIELoader64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-06-14 110360]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.bing.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm

IE: &Verify with DAP - c:\program files (x86)\DAP\dapverify.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 167.206.245.130 167.206.245.129 192.168.1.1

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\s2kpkygc.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.speedbit.com/searchresults.asp?src=default&q=

FF - prefs.js: browser.search.selectedEngine - SpeedBit Search

FF - prefs.js: browser.startup.homepage - hxxp://search.speedbit.com

FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]

"ImagePath"="\??\c:\users\Paul\AppData\Local\Temp\00623B9.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:f2,de,c0,8f,5f,7a,cd,01

.

[HKEY_USERS\S-1-5-21-721158220-2510337960-1424882744-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CE577E52-9A08-AA6D-4E87-944582B122A4}*]

"hakjnbeelomockdb"=hex:6a,61,61,67,69,65,62,70,69,6b,69,6a,69,6d,6e,6b,69,70,

61,67,00,00

"iaekddpodnaihdkhjf"=hex:6a,61,61,67,69,65,62,70,69,6b,69,6a,69,6d,6e,6b,69,70,

61,67,00,00

.

[HKEY_USERS\S-1-5-21-721158220-2510337960-1424882744-1000\Software\SecuROM\License information*]

"datasecu"=hex:28,a5,cf,f2,87,2e,e6,3e,95,05,35,b9,af,f4,f4,9e,6c,ef,ad,a0,3a,

d7,42,1f,03,b6,d6,8f,9d,7e,16,22,b7,10,fc,4d,d8,70,cf,b5,d5,08,9b,fe,0f,00,\

"rkeysecu"=hex:f6,73,5d,ec,09,43,10,ab,85,ec,04,41,ad,f0,c5,d7

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\windows\SysWOW64\astsrv.exe

c:\program files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe

c:\program files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe

c:\xampplite\mysql\bin\mysqld.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

.

**************************************************************************

.

Completion time: 2012-08-29 07:15:04 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-29 11:15

ComboFix2.txt 2012-08-16 12:30

.

Pre-Run: 772,268,343,296 bytes free

Post-Run: 772,127,531,008 bytes free

.

- - End Of File - - 989CE0A8E6BF4BC7A79258DC4F258FF5


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Open TFC.exe if you already have it. If not, please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Adobe Flash Player

Java™ 6 Update 33

Restart your computer.

Get the latest version of Java and Adobe Flash Player.

Let me know what issues remain.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
