Audio Ads When No Programs Open

DSDragon · June 4, 2013

Hello,

I'm having a rather unusual (for me) malware problem. Whenever I start up my computer, just after Windows loads and the wi-fi connects, I start hearing advertisements over the speakers. At this point, no programs are open at all. I can go into the volume mixer and mute the ads (they all say "Name not available," but I can't figure out how to get rid of them, or make them stop happening. Sometimes, if I try to open a program too early after the ads start, then I get the "blue screen of death," which, I suppose is better than the black screen of death, but is still very worrying.

Can anyone help me? I've already got Norton Anti-virus as well as Ad-Aware on the machine, but neither can fix this particular problem.

Thanks in advance for any help.

Also, I forgot to mention that every few minutes, a new "Name not available" thing shows up in the volume mixer and starts talking, so watching videos or doing anything that involves concentration on words is rather difficult.

Psychotic · June 4, 2013

Hi there,

my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.]========================================================

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

Click Yes.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

Click the Scan button and let the program do its work. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop.

Pleae attach the gmer.txt to your reply:

Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, browse to where you saved the file, and
Click Upload.

Download DDS and save it to your desktop from here or here or

here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt

Attach.txt

Save both reports to your desktop.

DSDragon · June 4, 2013

Hello, Marius, and thank you for your quick reply. Here is the Gmer log; I am going to start on the next portion of your instructions as soon as I finish this reply post.

Thanks,

Darcy

Gmer.txt

DSDragon · June 4, 2013

Here are the DDS logs.

Darcy

attach.txt

dds.txt

Psychotic · June 4, 2013

AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

I see that you have more than one antivirus programs installed - this may harm your computer´s security.

Uninstall one of them.

In this case, leaving Norton would be the better choice, I think.

DSDragon · June 4, 2013

I have uninstalled Ad-Aware.

Psychotic · June 4, 2013

Scan with adwCleaner

Please download AdwCleaner to your desktop.

Run adwcleaner.exe.
Hit delete.
When the run is finished, it will open up a text file.
Please post its contents within your next reply.
You´ll find the log file at C:\AdwCleaner[s1].txt also.

Combofix

Combofix should only be run when adviced by a team member! Link 1

Important - Save the file to your desktop!

Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
Run Combofix.exe

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

DSDragon · June 5, 2013

I ran adwcleaner.exe, and it said it needed to restart the computer to finish making changes and that the report would be generated once Windows restarted, so I said ok. But when Windows restarted, it froze up and Windows Explorer needed to be restarted because it was not responding. When Windows Explorer was restarted finally, there was no text file from adwcleaner.exe. Should I run it again?

Psychotic · June 5, 2013

Yes, please try it again.

If it fails again, run your system in safe mode and restart the tool.

Report.

DSDragon · June 5, 2013

Here is the log for AdwCleaner:

# AdwCleaner v2.301 - Logfile created 06/05/2013 at 03:30:09

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Darcy - DARCYNEWLAPTOP

# Boot Mode : Normal

# Running from : C:\Users\Darcy\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0 (en-US)

File : C:\Users\Darcy\AppData\Roaming\Mozilla\Firefox\Profiles\hbc8jtwx.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s2].txt - [826 octets] - [05/06/2013 03:30:09]

########## EOF - C:\AdwCleaner[s2].txt - [885 octets] ##########

Psychotic · June 5, 2013

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

DSDragon · June 5, 2013

Should I still do ComboFix before I do TDS SKiller?

I tried to disable Norton Internet Security by right-clicking on the icon in the start bar and clicking both "Disable Smart Firewall" and "Disable Antivirus Auto-Protect." I could not figure out how to disable all of Norton Internet Security.

When I ran ComboFix, Norton Internet Security kept popping up with Auto-Protect things, even though I had disabled them--I don't know why. When I right-click on it now, it says "Enable" instead of "Disable" for those two options. And ComboFix now says to disable Norton Internet Security before clicking OK. The only other option is the X at the top right corner. How do I disable Norton completely?

Psychotic · June 5, 2013

Skip the TDSS-Killer - go on with combofix.

If Norton says it is disabled, continue the combofix run and ignore the message.

DSDragon · June 5, 2013

I ran ComboFix, and it seemed to be going well until it got to "Completed_Stage_20." At that point, my computer completely froze, and I got a blue stop error screen. I had to restart the computer, and it's taken nearly fifteen minutes just to get back on the forums so that I can post this reply. Should I run ComboFix again?

I will gladly continue once I receive your reply tomorrow, but it is past 4:30 in the morning here, so I need to sleep.

Psychotic · June 5, 2013

This is weird...

Start your computer in safe mode (no networking) and run combofix again.

DSDragon · June 5, 2013

It happened again, with the blue screen, only this time, ComboFix got almost to "Completed Stage_50" (the last one I saw for sure was 47 or 48). Here's what windows said when it rebooted:

Problem signature:

Problem Event Name: BlueScreen

OS Version: 6.1.7601.2.1.0.768.3

Locale ID: 1033

Additional information about the problem:

BCCode: 1e

BCP1: FFFFFFFFC0000005

BCP2: FFFFF80002582BBA

BCP3: 0000000000000001

BCP4: 0000000000000018

OS Version: 6_1_7601

Service Pack: 1_0

Product: 768_1

Files that help describe the problem:

C:\Windows\Minidump\060513-54335-01.dmp

C:\Users\Darcy\AppData\Local\Temp\WER-99637-0.sysdata.xml

Read our privacy statement online:

http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:

C:\Windows\system32\en-US\erofflps.txt

Also, when I was looking for a better way to disable Norton Internet Security, I found an announcement in the Action Center (in the Control Panel - System Security section) that said the Alureon virus had caused my computer to stop working properly this past Sunday (June 2, 2013) at 4:06 a.m. Would you like the details of that?

There was also a Maintenance message asking to check for solutions to unresolved problems. Would you like to see that message?

Psychotic · June 6, 2013

No, we don´t need the details. Now I think we have another problem...Let´s try something else:

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

DSDragon · June 6, 2013

The log for TDSSkiller is below. Before I get to that, however, a couple of things have changed since my original post--I think maybe since I uninstalled Ad-Aware, though I didn't notice until a little later.

First, Norton keeps warning me that there is "High Disk Usage" by Internet Explorer, even when I am not currently using Internet Explorer. That's especially worrying, because I've had lots of trouble getting into that browser, and had to switch to FireFox to get anything done online. I cannot get onto this forum through FireFox for some reason, however, so I had to login using Internet Explorer.

Second, and this is a more recent development than the "High Disk Usage" thing:

In my original post, I mentioned that I can mute the audio ads (of which I can't find the source to get rid of them) by going into the Volume Mixer and muting the one that said, "Name not available." Now, instead of "Name not available," the audio that I have to mute is called, "Host Process for Windows Services." Does that help at all with the resolution of the problem?

Either way, here is the log for TDSSkiller:

15:25:36.0875 9764 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:25:38.0685 9764 ============================================================
15:25:38.0685 9764 Current date / time: 2013/06/06 15:25:38.0685
15:25:38.0685 9764 SystemInfo:
15:25:38.0685 9764
15:25:38.0685 9764 OS Version: 6.1.7601 ServicePack: 1.0
15:25:38.0685 9764 Product type: Workstation
15:25:38.0685 9764 ComputerName: DARCYNEWLAPTOP
15:25:38.0685 9764 UserName: Darcy
15:25:38.0685 9764 Windows directory: C:\Windows
15:25:38.0700 9764 System windows directory: C:\Windows
15:25:38.0700 9764 Running under WOW64
15:25:38.0700 9764 Processor architecture: Intel x64
15:25:38.0700 9764 Number of processors: 4
15:25:38.0700 9764 Page size: 0x1000
15:25:38.0700 9764 Boot type: Normal boot
15:25:38.0700 9764 ============================================================
15:25:40.0291 9764 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:25:40.0291 9764 Drive \Device\Harddisk1\DR1 - Size: 0x3C8C0000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:25:40.0307 9764 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB5E00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:25:40.0323 9764 ============================================================
15:25:40.0323 9764 \Device\Harddisk0\DR0:
15:25:40.0323 9764 MBR partitions:
15:25:40.0323 9764 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:25:40.0323 9764 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48B41000
15:25:40.0323 9764 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x48BA5000, BlocksNum 0x1C7F000
15:25:40.0323 9764 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
15:25:40.0323 9764 \Device\Harddisk1\DR1:
15:25:40.0323 9764 MBR partitions:
15:25:40.0323 9764 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x1E4407
15:25:40.0323 9764 \Device\Harddisk2\DR2:
15:25:40.0323 9764 MBR partitions:
15:25:40.0323 9764 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
15:25:40.0323 9764 ============================================================
15:25:40.0416 9764 C: <-> \Device\Harddisk0\DR0\Partition2
15:25:40.0619 9764 D: <-> \Device\Harddisk0\DR0\Partition3
15:25:40.0666 9764 G: <-> \Device\Harddisk2\DR2\Partition1
15:25:40.0791 9764 H: <-> \Device\Harddisk0\DR0\Partition4
15:25:40.0791 9764 ============================================================
15:25:40.0806 9764 Initialize success
15:25:40.0806 9764 ============================================================
15:25:44.0581 9448 ============================================================
15:25:44.0581 9448 Scan started
15:25:44.0581 9448 Mode: Manual;
15:25:44.0581 9448 ============================================================
15:25:51.0180 9448 ================ Scan system memory ========================
15:25:51.0196 9448 System memory - ok
15:25:51.0196 9448 ================ Scan services =============================
15:25:51.0711 9448 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:25:51.0711 9448 1394ohci - ok
15:25:51.0820 9448 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
15:25:51.0820 9448 Accelerometer - ok
15:25:51.0882 9448 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:25:51.0882 9448 ACPI - ok
15:25:51.0945 9448 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:25:51.0960 9448 AcpiPmi - ok
15:25:52.0147 9448 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:25:52.0147 9448 AdobeARMservice - ok
15:25:52.0506 9448 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:25:52.0506 9448 AdobeFlashPlayerUpdateSvc - ok
15:25:52.0771 9448 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:25:52.0787 9448 adp94xx - ok
15:25:52.0849 9448 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:25:52.0865 9448 adpahci - ok
15:25:52.0974 9448 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:25:52.0974 9448 adpu320 - ok
15:25:53.0021 9448 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:25:53.0021 9448 AeLookupSvc - ok
15:25:53.0395 9448 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
15:25:53.0395 9448 AESTFilters - ok
15:25:53.0520 9448 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:25:53.0551 9448 AFD - ok
15:25:53.0661 9448 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:25:53.0661 9448 agp440 - ok
15:25:53.0801 9448 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:25:53.0817 9448 ALG - ok
15:25:53.0973 9448 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:25:53.0973 9448 aliide - ok
15:25:54.0035 9448 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:25:54.0035 9448 amdide - ok
15:25:54.0113 9448 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:25:54.0113 9448 AmdK8 - ok
15:25:54.0207 9448 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
15:25:54.0207 9448 AmdPPM - ok
15:25:54.0347 9448 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:25:54.0347 9448 amdsata - ok
15:25:54.0456 9448 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
15:25:54.0472 9448 amdsbs - ok
15:25:54.0519 9448 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:25:54.0519 9448 amdxata - ok
15:25:54.0581 9448 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
15:25:54.0597 9448 AMPPAL - ok
15:25:54.0612 9448 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
15:25:54.0612 9448 AMPPALP - ok
15:25:54.0862 9448 [ 576134E43169810B560F0BB6FDEE13F5 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
15:25:54.0893 9448 AMPPALR3 - ok
15:25:55.0080 9448 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:25:55.0080 9448 AppID - ok
15:25:55.0221 9448 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:25:55.0221 9448 AppIDSvc - ok
15:25:55.0408 9448 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
15:25:55.0408 9448 Appinfo - ok
15:25:55.0704 9448 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:25:55.0704 9448 Apple Mobile Device - ok
15:25:55.0845 9448 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
15:25:55.0845 9448 arc - ok
15:25:55.0876 9448 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:25:55.0876 9448 arcsas - ok
15:25:56.0016 9448 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:25:56.0047 9448 aspnet_state - ok
15:25:56.0235 9448 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:25:56.0235 9448 AsyncMac - ok
15:25:56.0313 9448 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:25:56.0313 9448 atapi - ok
15:25:56.0515 9448 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:25:56.0515 9448 AudioEndpointBuilder - ok
15:25:56.0531 9448 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:25:56.0547 9448 AudioSrv - ok
15:25:56.0718 9448 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:25:56.0718 9448 AxInstSV - ok
15:25:56.0859 9448 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
15:25:56.0859 9448 b06bdrv - ok
15:25:56.0952 9448 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:25:56.0952 9448 b57nd60a - ok
15:25:57.0155 9448 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
15:25:57.0186 9448 BCM43XX - ok
15:25:57.0233 9448 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:25:57.0249 9448 BDESVC - ok
15:25:57.0358 9448 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:25:57.0358 9448 Beep - ok
15:25:57.0514 9448 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:25:57.0529 9448 BFE - ok
15:25:58.0263 9448 [ 6E10DB69DB1AA96207F4B14B18FF12F8 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys
15:25:58.0325 9448 BHDrvx64 - ok
15:25:58.0606 9448 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
15:25:58.0621 9448 BITS - ok
15:25:58.0746 9448 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
15:25:58.0746 9448 blbdrive - ok
15:25:58.0824 9448 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:25:58.0824 9448 bowser - ok
15:25:58.0902 9448 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
15:25:58.0902 9448 BrFiltLo - ok
15:25:58.0933 9448 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
15:25:58.0933 9448 BrFiltUp - ok
15:25:58.0996 9448 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
15:25:59.0011 9448 BridgeMP - ok
15:25:59.0105 9448 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:25:59.0105 9448 Browser - ok
15:25:59.0183 9448 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:25:59.0183 9448 Brserid - ok
15:25:59.0245 9448 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:25:59.0245 9448 BrSerWdm - ok
15:25:59.0323 9448 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:25:59.0323 9448 BrUsbMdm - ok
15:25:59.0401 9448 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:25:59.0401 9448 BrUsbSer - ok
15:25:59.0433 9448 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:25:59.0433 9448 BTHMODEM - ok
15:25:59.0511 9448 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:25:59.0526 9448 bthserv - ok
15:25:59.0885 9448 [ 9E2AF97302B9F4BF97E952A865EB31AE ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
15:25:59.0885 9448 BTHSSecurityMgr - ok
15:26:00.0181 9448 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys
15:26:00.0181 9448 ccSet_NIS - ok
15:26:00.0306 9448 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:26:00.0306 9448 cdfs - ok
15:26:00.0400 9448 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:26:00.0400 9448 cdrom - ok
15:26:00.0525 9448 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:26:00.0525 9448 CertPropSvc - ok
15:26:00.0603 9448 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
15:26:00.0603 9448 circlass - ok
15:26:00.0681 9448 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:26:00.0696 9448 CLFS - ok
15:26:00.0946 9448 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:26:00.0993 9448 clr_optimization_v2.0.50727_32 - ok
15:26:01.0039 9448 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:26:01.0055 9448 clr_optimization_v2.0.50727_64 - ok
15:26:01.0211 9448 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:26:01.0476 9448 clr_optimization_v4.0.30319_32 - ok
15:26:01.0523 9448 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:26:01.0851 9448 clr_optimization_v4.0.30319_64 - ok
15:26:02.0038 9448 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
15:26:02.0053 9448 clwvd - ok
15:26:02.0147 9448 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
15:26:02.0147 9448 CmBatt - ok
15:26:02.0178 9448 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:26:02.0194 9448 cmdide - ok
15:26:02.0334 9448 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
15:26:02.0334 9448 CNG - ok
15:26:02.0443 9448 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
15:26:02.0443 9448 Compbatt - ok
15:26:02.0506 9448 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:26:02.0506 9448 CompositeBus - ok
15:26:02.0537 9448 COMSysApp - ok
15:26:02.0631 9448 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:26:02.0631 9448 crcdisk - ok
15:26:02.0693 9448 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:26:02.0693 9448 CryptSvc - ok
15:26:02.0927 9448 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:26:02.0943 9448 cvhsvc - ok
15:26:03.0052 9448 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:26:03.0067 9448 DcomLaunch - ok
15:26:03.0223 9448 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:26:03.0223 9448 defragsvc - ok
15:26:03.0286 9448 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:26:03.0301 9448 DfsC - ok
15:26:03.0426 9448 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:26:03.0473 9448 Dhcp - ok
15:26:03.0551 9448 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:26:03.0567 9448 discache - ok
15:26:03.0785 9448 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
15:26:03.0785 9448 Disk - ok
15:26:03.0925 9448 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:26:03.0925 9448 Dnscache - ok
15:26:04.0019 9448 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:26:04.0035 9448 dot3svc - ok
15:26:04.0097 9448 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:26:04.0097 9448 DPS - ok
15:26:04.0175 9448 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:26:04.0175 9448 drmkaud - ok
15:26:04.0331 9448 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:26:04.0362 9448 DXGKrnl - ok
15:26:04.0471 9448 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:26:04.0471 9448 EapHost - ok
15:26:05.0173 9448 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
15:26:05.0251 9448 ebdrv - ok
15:26:05.0423 9448 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
15:26:05.0423 9448 eeCtrl - ok
15:26:05.0563 9448 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:26:05.0563 9448 EFS - ok
15:26:05.0766 9448 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:26:05.0782 9448 ehRecvr - ok
15:26:05.0953 9448 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:26:05.0953 9448 ehSched - ok
15:26:06.0094 9448 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:26:06.0109 9448 elxstor - ok
15:26:06.0297 9448 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:26:06.0312 9448 EraserUtilRebootDrv - ok
15:26:06.0390 9448 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:26:06.0390 9448 ErrDev - ok
15:26:06.0546 9448 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:26:06.0546 9448 EventSystem - ok
15:26:06.0733 9448 [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:26:06.0765 9448 EvtEng - ok
15:26:06.0827 9448 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:26:06.0827 9448 exfat - ok
15:26:06.0936 9448 ezSharedSvc - ok
15:26:07.0014 9448 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:26:07.0030 9448 fastfat - ok
15:26:07.0264 9448 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:26:07.0279 9448 Fax - ok
15:26:07.0311 9448 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
15:26:07.0311 9448 fdc - ok
15:26:07.0342 9448 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:26:07.0342 9448 fdPHost - ok
15:26:07.0357 9448 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:26:07.0373 9448 FDResPub - ok
15:26:07.0451 9448 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:26:07.0451 9448 FileInfo - ok
15:26:07.0467 9448 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:26:07.0467 9448 Filetrace - ok
15:26:07.0545 9448 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
15:26:07.0560 9448 flpydisk - ok
15:26:07.0591 9448 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:26:07.0763 9448 FltMgr - ok
15:26:07.0997 9448 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
15:26:08.0044 9448 FontCache - ok
15:26:08.0153 9448 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:26:08.0153 9448 FontCache3.0.0.0 - ok
15:26:08.0278 9448 [ 6AA4E6B4EA50620AB622A048394C4AA2 ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
15:26:08.0278 9448 FPLService - ok
15:26:08.0387 9448 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:26:08.0387 9448 FsDepends - ok
15:26:08.0465 9448 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:26:08.0465 9448 Fs_Rec - ok
15:26:08.0559 9448 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:26:08.0559 9448 fvevol - ok
15:26:08.0637 9448 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:26:08.0652 9448 gagp30kx - ok
15:26:08.0746 9448 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
15:26:08.0746 9448 GamesAppService - ok
15:26:08.0808 9448 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:26:08.0808 9448 GEARAspiWDM - ok
15:26:08.0917 9448 [ 14908F4F9005C29DE8F5587E271390EE ] gfibto C:\Windows\system32\drivers\gfibto.sys
15:26:08.0917 9448 gfibto - ok
15:26:09.0105 9448 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:26:09.0120 9448 gpsvc - ok
15:26:09.0183 9448 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:26:09.0183 9448 hcw85cir - ok
15:26:09.0385 9448 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:26:09.0401 9448 HdAudAddService - ok
15:26:09.0463 9448 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:26:09.0463 9448 HDAudBus - ok
15:26:09.0541 9448 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
15:26:09.0557 9448 HidBatt - ok
15:26:09.0588 9448 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:26:09.0588 9448 HidBth - ok
15:26:09.0838 9448 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
15:26:09.0838 9448 HidIr - ok
15:26:09.0916 9448 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
15:26:09.0916 9448 hidserv - ok
15:26:10.0119 9448 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:26:10.0119 9448 HidUsb - ok
15:26:10.0259 9448 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:26:10.0275 9448 hkmsvc - ok
15:26:10.0337 9448 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:26:10.0353 9448 HomeGroupListener - ok
15:26:10.0399 9448 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:26:10.0415 9448 HomeGroupProvider - ok
15:26:10.0665 9448 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
15:26:10.0665 9448 HP Support Assistant Service - ok
15:26:10.0805 9448 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
15:26:10.0821 9448 HPClientSvc - ok
15:26:10.0977 9448 [ E040F0064D39F73BB4995D494F3DCBB8 ] hpCMSrv C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
15:26:10.0992 9448 hpCMSrv - ok
15:26:11.0117 9448 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
15:26:11.0117 9448 hpdskflt - ok
15:26:11.0367 9448 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
15:26:11.0382 9448 hpqwmiex - ok
15:26:11.0445 9448 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:26:11.0460 9448 HpSAMD - ok
15:26:11.0538 9448 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
15:26:11.0538 9448 hpsrv - ok
15:26:11.0928 9448 [ 491CE9B6321FB74E4B37AF2C47F98434 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
15:26:11.0928 9448 HPWMISVC - ok
15:26:12.0006 9448 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:26:12.0022 9448 HTTP - ok
15:26:12.0053 9448 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:26:12.0053 9448 hwpolicy - ok
15:26:12.0147 9448 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:26:12.0162 9448 i8042prt - ok
15:26:12.0287 9448 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
15:26:12.0287 9448 iaStor - ok
15:26:12.0552 9448 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
15:26:12.0552 9448 IAStorDataMgrSvc - ok
15:26:12.0630 9448 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:26:12.0630 9448 iaStorV - ok
15:26:12.0989 9448 [ D72BF0AE484F88399E8343E821C10D6A ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
15:26:13.0051 9448 IconMan_R - ok
15:26:13.0270 9448 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:26:13.0285 9448 idsvc - ok
15:26:13.0847 9448 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130605.001\IDSvia64.sys
15:26:13.0878 9448 IDSVia64 - ok
15:26:14.0970 9448 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
15:26:15.0267 9448 igfx - ok
15:26:15.0329 9448 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:26:15.0329 9448 iirsp - ok
15:26:15.0485 9448 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:26:15.0501 9448 IKEEXT - ok
15:26:15.0735 9448 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
15:26:15.0750 9448 IntcDAud - ok
15:26:15.0859 9448 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:26:15.0859 9448 intelide - ok
15:26:15.0891 9448 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:26:15.0891 9448 intelppm - ok
15:26:16.0015 9448 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:26:16.0015 9448 IPBusEnum - ok
15:26:16.0093 9448 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:26:16.0109 9448 IpFilterDriver - ok
15:26:16.0249 9448 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:26:16.0265 9448 iphlpsvc - ok
15:26:16.0374 9448 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:26:16.0390 9448 IPMIDRV - ok
15:26:16.0437 9448 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:26:16.0437 9448 IPNAT - ok
15:26:16.0639 9448 [ 2872B90D57C8310194A78A9787406467 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:26:16.0639 9448 iPod Service - ok
15:26:16.0749 9448 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:26:16.0749 9448 IRENUM - ok
15:26:16.0780 9448 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:26:16.0780 9448 isapnp - ok
15:26:16.0811 9448 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:26:16.0811 9448 iScsiPrt - ok
15:26:17.0014 9448 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:26:17.0014 9448 kbdclass - ok
15:26:17.0092 9448 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
15:26:17.0092 9448 kbdhid - ok
15:26:17.0201 9448 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:26:17.0201 9448 KeyIso - ok
15:26:17.0357 9448 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:26:17.0373 9448 KSecDD - ok
15:26:17.0435 9448 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:26:17.0435 9448 KSecPkg - ok
15:26:17.0513 9448 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:26:17.0513 9448 ksthunk - ok
15:26:17.0841 9448 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:26:17.0841 9448 KtmRm - ok
15:26:17.0965 9448 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:26:17.0965 9448 LanmanServer - ok
15:26:18.0043 9448 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:26:18.0043 9448 LanmanWorkstation - ok
15:26:18.0137 9448 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:26:18.0137 9448 lltdio - ok
15:26:18.0199 9448 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:26:18.0215 9448 lltdsvc - ok
15:26:18.0309 9448 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:26:18.0324 9448 lmhosts - ok
15:26:18.0433 9448 [ D7E0BED3EA21D7BDDD410ADE51708D90 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
15:26:18.0433 9448 LMS - ok
15:26:18.0511 9448 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:26:18.0511 9448 LSI_FC - ok
15:26:18.0605 9448 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:26:18.0605 9448 LSI_SAS - ok
15:26:18.0683 9448 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:26:18.0683 9448 LSI_SAS2 - ok
15:26:18.0745 9448 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:26:18.0745 9448 LSI_SCSI - ok
15:26:18.0823 9448 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:26:18.0823 9448 luafv - ok
15:26:18.0917 9448 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:26:18.0933 9448 Mcx2Svc - ok
15:26:18.0964 9448 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
15:26:18.0979 9448 megasas - ok
15:26:19.0011 9448 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:26:19.0011 9448 MegaSR - ok
15:26:19.0151 9448 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
15:26:19.0151 9448 MEIx64 - ok
15:26:19.0354 9448 Microsoft SharePoint Workspace Audit Service - ok
15:26:19.0447 9448 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:26:19.0447 9448 MMCSS - ok
15:26:19.0525 9448 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:26:19.0525 9448 Modem - ok
15:26:19.0603 9448 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:26:19.0603 9448 monitor - ok
15:26:19.0915 9448 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:26:19.0915 9448 mouclass - ok
15:26:20.0009 9448 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:26:20.0009 9448 mouhid - ok
15:26:20.0087 9448 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:26:20.0103 9448 mountmgr - ok
15:26:20.0227 9448 [ 6380FF81DD4D78B23398752D2F46EA43 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:26:20.0227 9448 MozillaMaintenance - ok
15:26:20.0321 9448 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:26:20.0321 9448 mpio - ok
15:26:20.0368 9448 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:26:20.0368 9448 mpsdrv - ok
15:26:20.0446 9448 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:26:20.0461 9448 MpsSvc - ok
15:26:20.0539 9448 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:26:20.0539 9448 MRxDAV - ok
15:26:20.0586 9448 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:26:20.0602 9448 mrxsmb - ok
15:26:20.0649 9448 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:26:20.0649 9448 mrxsmb10 - ok
15:26:20.0664 9448 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:26:20.0664 9448 mrxsmb20 - ok
15:26:20.0695 9448 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:26:20.0695 9448 msahci - ok
15:26:20.0773 9448 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:26:20.0773 9448 msdsm - ok
15:26:20.0820 9448 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:26:20.0836 9448 MSDTC - ok
15:26:20.0898 9448 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:26:20.0898 9448 Msfs - ok
15:26:20.0945 9448 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:26:20.0961 9448 mshidkmdf - ok
15:26:20.0992 9448 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:26:20.0992 9448 msisadrv - ok
15:26:21.0054 9448 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:26:21.0054 9448 MSiSCSI - ok
15:26:21.0070 9448 msiserver - ok
15:26:21.0179 9448 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:26:21.0179 9448 MSKSSRV - ok
15:26:21.0257 9448 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:26:21.0257 9448 MSPCLOCK - ok
15:26:21.0288 9448 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:26:21.0288 9448 MSPQM - ok
15:26:21.0319 9448 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:26:21.0335 9448 MsRPC - ok
15:26:21.0397 9448 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:26:21.0413 9448 mssmbios - ok
15:26:21.0491 9448 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:26:21.0491 9448 MSTEE - ok
15:26:21.0569 9448 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:26:21.0569 9448 MTConfig - ok
15:26:21.0663 9448 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:26:21.0663 9448 Mup - ok
15:26:21.0959 9448 [ 8F57DB74BF5407A4CDA6C8B005DC8DD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
15:26:21.0959 9448 MyWiFiDHCPDNS - ok
15:26:22.0037 9448 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:26:22.0053 9448 napagent - ok
15:26:22.0287 9448 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:26:22.0287 9448 NativeWifiP - ok
15:26:22.0521 9448 [ 56540E526B46E379A476FB5BC381B290 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130606.004\ENG64.SYS
15:26:22.0521 9448 NAVENG - ok
15:26:22.0677 9448 [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130606.004\EX64.SYS
15:26:22.0739 9448 NAVEX15 - ok
15:26:22.0895 9448 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:26:22.0911 9448 NDIS - ok
15:26:22.0973 9448 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:26:22.0973 9448 NdisCap - ok
15:26:23.0098 9448 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:26:23.0098 9448 NdisTapi - ok
15:26:23.0129 9448 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:26:23.0129 9448 Ndisuio - ok
15:26:23.0145 9448 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:26:23.0160 9448 NdisWan - ok
15:26:23.0207 9448 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:26:23.0207 9448 NDProxy - ok
15:26:23.0301 9448 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:26:23.0301 9448 NetBIOS - ok
15:26:23.0347 9448 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:26:23.0347 9448 NetBT - ok
15:26:23.0394 9448 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:26:23.0394 9448 Netlogon - ok
15:26:23.0441 9448 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:26:23.0457 9448 Netman - ok
15:26:23.0581 9448 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:26:23.0815 9448 NetMsmqActivator - ok
15:26:23.0847 9448 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:26:23.0847 9448 NetPipeActivator - ok
15:26:23.0925 9448 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:26:23.0940 9448 netprofm - ok
15:26:23.0987 9448 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:26:23.0987 9448 NetTcpActivator - ok
15:26:23.0987 9448 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:26:23.0987 9448 NetTcpPortSharing - ok
15:26:25.0063 9448 [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
15:26:25.0266 9448 NETwNs64 - ok
15:26:25.0344 9448 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:26:25.0344 9448 nfrd960 - ok
15:26:25.0578 9448 [ 241BD3019FB31E812A51B31B06906335 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
15:26:25.0578 9448 NIS - ok
15:26:25.0906 9448 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:26:25.0921 9448 NlaSvc - ok
15:26:25.0999 9448 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:26:25.0999 9448 Npfs - ok
15:26:26.0077 9448 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:26:26.0077 9448 nsi - ok
15:26:26.0124 9448 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:26:26.0124 9448 nsiproxy - ok
15:26:26.0327 9448 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:26:26.0405 9448 Ntfs - ok
15:26:26.0436 9448 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:26:26.0436 9448 Null - ok
15:26:26.0499 9448 [ 9A33100AC62A0463C49E47EE8E77083A ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
15:26:26.0514 9448 nusb3hub - ok
15:26:26.0561 9448 [ 87C321F7BEE646B7EC6EEDD6EB725741 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:26:26.0561 9448 nusb3xhc - ok
15:26:26.0795 9448 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
15:26:26.0811 9448 NVENETFD - ok
15:26:26.0842 9448 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:26:26.0842 9448 nvraid - ok
15:26:26.0935 9448 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:26:26.0935 9448 nvstor - ok
15:26:27.0013 9448 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:26:27.0013 9448 nv_agp - ok
15:26:27.0076 9448 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:26:27.0076 9448 ohci1394 - ok
15:26:27.0154 9448 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:26:27.0169 9448 ose - ok
15:26:27.0700 9448 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:26:27.0840 9448 osppsvc - ok
15:26:28.0012 9448 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:26:28.0027 9448 p2pimsvc - ok
15:26:28.0121 9448 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:26:28.0121 9448 p2psvc - ok
15:26:28.0183 9448 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
15:26:28.0183 9448 Parport - ok
15:26:28.0261 9448 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:26:28.0277 9448 partmgr - ok
15:26:28.0464 9448 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:26:28.0464 9448 PcaSvc - ok
15:26:28.0542 9448 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:26:28.0542 9448 pci - ok
15:26:28.0573 9448 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:26:28.0573 9448 pciide - ok
15:26:28.0698 9448 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:26:28.0698 9448 pcmcia - ok
15:26:28.0776 9448 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:26:28.0776 9448 pcw - ok
15:26:28.0839 9448 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:26:28.0854 9448 PEAUTH - ok
15:26:29.0010 9448 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:26:29.0026 9448 PerfHost - ok
15:26:29.0182 9448 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:26:29.0197 9448 pla - ok
15:26:29.0307 9448 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:26:29.0322 9448 PlugPlay - ok
15:26:29.0385 9448 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:26:29.0385 9448 PNRPAutoReg - ok
15:26:29.0447 9448 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:26:29.0463 9448 PNRPsvc - ok
15:26:29.0525 9448 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:26:29.0541 9448 PolicyAgent - ok
15:26:29.0603 9448 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:26:29.0619 9448 Power - ok
15:26:29.0743 9448 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:26:29.0743 9448 PptpMiniport - ok
15:26:29.0868 9448 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
15:26:29.0868 9448 Processor - ok
15:26:30.0024 9448 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:26:30.0024 9448 ProfSvc - ok
15:26:30.0071 9448 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:26:30.0087 9448 ProtectedStorage - ok
15:26:30.0445 9448 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:26:30.0461 9448 Psched - ok
15:26:30.0711 9448 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:26:30.0757 9448 ql2300 - ok
15:26:30.0804 9448 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:26:30.0804 9448 ql40xx - ok
15:26:30.0835 9448 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:26:30.0835 9448 QWAVE - ok
15:26:30.0867 9448 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:26:30.0867 9448 QWAVEdrv - ok
15:26:30.0898 9448 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:26:30.0898 9448 RasAcd - ok
15:26:30.0945 9448 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:26:30.0945 9448 RasAgileVpn - ok
15:26:30.0976 9448 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:26:30.0976 9448 RasAuto - ok
15:26:31.0007 9448 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:26:31.0007 9448 Rasl2tp - ok
15:26:31.0038 9448 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:26:31.0054 9448 RasMan - ok
15:26:31.0101 9448 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:26:31.0101 9448 RasPppoe - ok
15:26:31.0210 9448 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:26:31.0225 9448 RasSstp - ok
15:26:31.0303 9448 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:26:31.0303 9448 rdbss - ok
15:26:31.0350 9448 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
15:26:31.0350 9448 rdpbus - ok
15:26:31.0491 9448 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:26:31.0491 9448 RDPCDD - ok
15:26:31.0522 9448 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:26:31.0522 9448 RDPENCDD - ok
15:26:31.0584 9448 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:26:31.0584 9448 RDPREFMP - ok
15:26:31.0709 9448 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:26:31.0709 9448 RDPWD - ok
15:26:31.0818 9448 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:26:31.0834 9448 rdyboost - ok
15:26:32.0083 9448 [ FD11C1287D38A46FB72353E14D50089C ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:26:32.0099 9448 RegSrvc - ok
15:26:32.0146 9448 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:26:32.0146 9448 RemoteAccess - ok
15:26:32.0224 9448 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:26:32.0224 9448 RemoteRegistry - ok
15:26:32.0458 9448 [ E7062DBD907E0C5CEEB5ABDAF07E6B32 ] RosettaStoneDaemon C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
15:26:32.0474 9448 RosettaStoneDaemon - ok
15:26:32.0598 9448 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
15:26:32.0614 9448 RoxioNow Service - ok
15:26:32.0661 9448 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:26:32.0661 9448 RpcEptMapper - ok
15:26:32.0692 9448 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:26:32.0692 9448 RpcLocator - ok
15:26:32.0708 9448 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:26:32.0708 9448 RpcSs - ok
15:26:32.0817 9448 [ 1F5E7AF59B390261A85F5BEDB1BB88B3 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
15:26:32.0817 9448 RSPCIESTOR - ok
15:26:33.0004 9448 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:26:33.0004 9448 rspndr - ok
15:26:33.0129 9448 [ ED5873F7DFB2F96D37F13322211B6BDC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:26:33.0129 9448 RTL8167 - ok
15:26:33.0144 9448 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:26:33.0144 9448 SamSs - ok
15:26:33.0222 9448 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:26:33.0222 9448 sbp2port - ok
15:26:33.0285 9448 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:26:33.0300 9448 SCardSvr - ok
15:26:33.0332 9448 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:26:33.0332 9448 scfilter - ok
15:26:33.0472 9448 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:26:33.0503 9448 Schedule - ok
15:26:33.0534 9448 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:26:33.0534 9448 SCPolicySvc - ok
15:26:33.0659 9448 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
15:26:33.0659 9448 sdbus - ok
15:26:33.0753 9448 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:26:33.0768 9448 SDRSVC - ok
15:26:33.0846 9448 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:26:33.0846 9448 secdrv - ok
15:26:33.0878 9448 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:26:33.0893 9448 seclogon - ok
15:26:33.0940 9448 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:26:33.0956 9448 SENS - ok
15:26:34.0080 9448 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:26:34.0080 9448 SensrSvc - ok
15:26:34.0174 9448 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
15:26:34.0174 9448 Serenum - ok
15:26:34.0205 9448 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
15:26:34.0205 9448 Serial - ok
15:26:34.0346 9448 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:26:34.0361 9448 sermouse - ok
15:26:34.0424 9448 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:26:34.0439 9448 SessionEnv - ok
15:26:34.0486 9448 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:26:34.0502 9448 sffdisk - ok
15:26:34.0548 9448 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:26:34.0548 9448 sffp_mmc - ok
15:26:34.0564 9448 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:26:34.0564 9448 sffp_sd - ok
15:26:34.0595 9448 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:26:34.0595 9448 sfloppy - ok
15:26:34.0767 9448 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
15:26:34.0798 9448 Sftfs - ok
15:26:35.0001 9448 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:26:35.0016 9448 sftlist - ok
15:26:35.0063 9448 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:26:35.0079 9448 Sftplay - ok
15:26:35.0110 9448 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:26:35.0110 9448 Sftredir - ok
15:26:35.0172 9448 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
15:26:35.0172 9448 Sftvol - ok
15:26:35.0235 9448 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:26:35.0250 9448 sftvsa - ok
15:26:35.0406 9448 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:26:35.0406 9448 SharedAccess - ok
15:26:35.0469 9448 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:26:35.0484 9448 ShellHWDetection - ok
15:26:35.0562 9448 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:26:35.0562 9448 SiSRaid2 - ok
15:26:35.0594 9448 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:26:35.0609 9448 SiSRaid4 - ok
15:26:35.0781 9448 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:26:35.0781 9448 Smb - ok
15:26:35.0968 9448 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:26:35.0968 9448 SNMPTRAP - ok
15:26:36.0077 9448 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:26:36.0077 9448 spldr - ok
15:26:36.0233 9448 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:26:36.0327 9448 Spooler - ok
15:26:36.0732 9448 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:26:36.0764 9448 sppsvc - ok
15:26:36.0826 9448 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:26:36.0826 9448 sppuinotify - ok
15:26:37.0185 9448 [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP C:\Windows\System32\Drivers\NISx64\1403010.016\SRTSP64.SYS
15:26:37.0200 9448 SRTSP - ok
15:26:37.0278 9448 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\Windows\system32\drivers\NISx64\1403010.016\SRTSPX64.SYS
15:26:37.0278 9448 SRTSPX - ok
15:26:37.0372 9448 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:26:37.0388 9448 srv - ok
15:26:37.0419 9448 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:26:37.0419 9448 srv2 - ok
15:26:37.0559 9448 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:26:37.0575 9448 SrvHsfHDA - ok
15:26:37.0918 9448 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:26:37.0996 9448 SrvHsfV92 - ok
15:26:38.0355 9448 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:26:38.0386 9448 SrvHsfWinac - ok
15:26:38.0417 9448 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:26:38.0417 9448 srvnet - ok
15:26:38.0464 9448 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:26:38.0464 9448 SSDPSRV - ok
15:26:38.0495 9448 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:26:38.0511 9448 SstpSvc - ok
15:26:39.0213 9448 [ 86678C2F5081FEA3517D78E92230B5FF ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
15:26:39.0213 9448 STacSV - ok
15:26:39.0275 9448 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:26:39.0275 9448 stexstor - ok
15:26:39.0494 9448 [ 74387B34B43F94E380608888C56A5CCD ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
15:26:39.0494 9448 STHDA - ok
15:26:39.0743 9448 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:26:39.0774 9448 stisvc - ok
15:26:39.0821 9448 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:26:39.0821 9448 swenum - ok
15:26:40.0040 9448 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:26:40.0055 9448 swprv - ok
15:26:40.0336 9448 [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS C:\Windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS
15:26:40.0336 9448 SymDS - ok
15:26:40.0726 9448 [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA C:\Windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS
15:26:40.0835 9448 SymEFA - ok
15:26:41.0054 9448 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:26:41.0054 9448 SymEvent - ok
15:26:41.0303 9448 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS
15:26:41.0303 9448 SymIRON - ok
15:26:41.0568 9448 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS
15:26:41.0568 9448 SymNetS - ok
15:26:42.0224 9448 [ C447977ED2A4AE9346FE3A0579A34D7C ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:26:42.0270 9448 SynTP - ok
15:26:42.0676 9448 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:26:42.0723 9448 SysMain - ok
15:26:42.0832 9448 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:26:42.0832 9448 TabletInputService - ok
15:26:42.0879 9448 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:26:42.0894 9448 TapiSrv - ok
15:26:42.0957 9448 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:26:42.0957 9448 TBS - ok
15:26:43.0300 9448 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:26:43.0378 9448 Tcpip - ok
15:26:43.0550 9448 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:26:43.0565 9448 TCPIP6 - ok
15:26:43.0737 9448 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:26:43.0737 9448 tcpipreg - ok
15:26:43.0924 9448 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:26:43.0924 9448 TDPIPE - ok
15:26:44.0392 9448 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:26:44.0392 9448 TDTCP - ok
15:26:44.0423 9448 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:26:44.0423 9448 tdx - ok
15:26:44.0844 9448 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:26:44.0907 9448 TermDD - ok
15:26:45.0203 9448 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:26:45.0219 9448 TermService - ok
15:26:45.0250 9448 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:26:45.0266 9448 Themes - ok
15:26:45.0453 9448 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:26:45.0453 9448 THREADORDER - ok
15:26:45.0531 9448 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:26:45.0531 9448 TrkWks - ok
15:26:45.0796 9448 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:26:45.0812 9448 TrustedInstaller - ok
15:26:46.0014 9448 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:26:46.0014 9448 tssecsrv - ok
15:26:46.0124 9448 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:26:46.0124 9448 TsUsbFlt - ok
15:26:46.0233 9448 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
15:26:46.0233 9448 TsUsbGD - ok
15:26:46.0451 9448 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:26:46.0451 9448 tunnel - ok
15:26:46.0576 9448 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:26:46.0576 9448 uagp35 - ok
15:26:46.0732 9448 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:26:53.0502 9448 udfs - ok
15:26:53.0658 9448 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:26:53.0658 9448 UI0Detect - ok
15:26:54.0173 9448 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:26:54.0173 9448 uliagpkx - ok
15:26:54.0704 9448 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:26:54.0704 9448 umbus - ok
15:26:55.0172 9448 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
15:26:55.0172 9448 UmPass - ok
15:26:59.0352 9448 [ A678E5DDD974903DD71F503BDCACA218 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
15:26:59.0446 9448 UNS - ok
15:27:00.0101 9448 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:27:00.0101 9448 upnphost - ok
15:27:00.0491 9448 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
15:27:00.0491 9448 USBAAPL64 - ok
15:27:00.0819 9448 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:27:00.0834 9448 usbccgp - ok
15:27:01.0349 9448 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:27:01.0349 9448 usbcir - ok
15:27:01.0661 9448 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
15:27:01.0661 9448 usbehci - ok
15:27:02.0254 9448 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:27:02.0535 9448 usbhub - ok
15:27:02.0940 9448 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:27:02.0940 9448 usbohci - ok
15:27:03.0268 9448 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:27:03.0268 9448 usbprint - ok
15:27:03.0642 9448 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:27:03.0642 9448 usbscan - ok
15:27:03.0876 9448 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:27:03.0876 9448 USBSTOR - ok
15:27:04.0188 9448 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:27:04.0188 9448 usbuhci - ok
15:27:04.0485 9448 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:27:04.0703 9448 usbvideo - ok
15:27:05.0405 9448 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:27:05.0405 9448 UxSms - ok
15:27:05.0655 9448 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:27:05.0655 9448 VaultSvc - ok
15:27:05.0904 9448 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:27:05.0904 9448 vdrvroot - ok
15:27:07.0262 9448 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:27:07.0308 9448 vds - ok
15:27:07.0761 9448 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:27:07.0761 9448 vga - ok
15:27:08.0166 9448 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:27:08.0166 9448 VgaSave - ok
15:27:09.0290 9448 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:27:09.0399 9448 vhdmp - ok
15:27:09.0882 9448 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:27:09.0882 9448 viaide - ok
15:27:10.0038 9448 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:27:10.0038 9448 volmgr - ok
15:27:10.0428 9448 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:27:10.0631 9448 volmgrx - ok
15:27:11.0567 9448 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:27:11.0567 9448 volsnap - ok
15:27:12.0425 9448 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:27:12.0675 9448 vsmraid - ok
15:27:14.0204 9448 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:27:14.0297 9448 VSS - ok
15:27:14.0500 9448 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:27:14.0500 9448 vwifibus - ok
15:27:14.0921 9448 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:27:14.0921 9448 vwififlt - ok
15:27:15.0124 9448 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
15:27:15.0124 9448 vwifimp - ok
15:27:15.0842 9448 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:27:15.0842 9448 W32Time - ok
15:27:15.0951 9448 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:27:15.0951 9448 WacomPen - ok
15:27:16.0481 9448 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:27:16.0481 9448 WANARP - ok
15:27:16.0824 9448 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:27:16.0824 9448 Wanarpv6 - ok
15:27:18.0556 9448 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:27:18.0665 9448 WatAdminSvc - ok
15:27:20.0818 9448 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:27:20.0912 9448 wbengine - ok
15:27:21.0676 9448 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:27:21.0676 9448 WbioSrvc - ok
15:27:21.0723 9448 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:27:21.0738 9448 wcncsvc - ok
15:27:22.0160 9448 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:27:22.0160 9448 WcsPlugInService - ok
15:27:22.0456 9448 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
15:27:22.0456 9448 Wd - ok
15:27:23.0314 9448 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:27:23.0486 9448 Wdf01000 - ok
15:27:23.0907 9448 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:27:23.0907 9448 WdiServiceHost - ok
15:27:23.0969 9448 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:27:23.0969 9448 WdiSystemHost - ok
15:27:24.0422 9448 [ 5E1640435DD54D00451156CA5340B109 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys
15:27:24.0422 9448 wdkmd - ok
15:27:25.0046 9448 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:27:25.0046 9448 WebClient - ok
15:27:25.0670 9448 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:27:25.0732 9448 Wecsvc - ok
15:27:25.0904 9448 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:27:25.0904 9448 wercplsupport - ok
15:27:25.0982 9448 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:27:25.0982 9448 WerSvc - ok
15:27:26.0403 9448 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:27:26.0403 9448 WfpLwf - ok
15:27:26.0699 9448 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:27:26.0949 9448 WIMMount - ok
15:27:27.0167 9448 WinDefend - ok
15:27:27.0183 9448 WinHttpAutoProxySvc - ok
15:27:28.0290 9448 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:27:28.0446 9448 Winmgmt - ok
15:27:29.0975 9448 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:27:30.0131 9448 WinRM - ok
15:27:30.0584 9448 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
15:27:30.0584 9448 WinUsb - ok
15:27:31.0473 9448 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:27:31.0598 9448 Wlansvc - ok
15:27:32.0627 9448 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:27:33.0314 9448 wlcrasvc - ok
15:27:36.0184 9448 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:27:36.0340 9448 wlidsvc - ok
15:27:36.0418 9448 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:27:36.0418 9448 WmiAcpi - ok
15:27:36.0746 9448 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:27:36.0746 9448 wmiApSrv - ok
15:27:37.0026 9448 WMPNetworkSvc - ok
15:27:37.0572 9448 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:27:37.0572 9448 WPCSvc - ok
15:27:37.0931 9448 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:27:38.0009 9448 WPDBusEnum - ok
15:27:38.0399 9448 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:27:38.0399 9448 ws2ifsl - ok
15:27:38.0805 9448 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
15:27:38.0805 9448 wscsvc - ok
15:27:39.0164 9448 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
15:27:39.0179 9448 WSDPrintDevice - ok
15:27:39.0179 9448 WSearch - ok
15:27:41.0816 9448 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:27:42.0206 9448 wuauserv - ok
15:27:42.0627 9448 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:27:42.0627 9448 WudfPf - ok
15:27:43.0469 9448 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:27:43.0563 9448 WUDFRd - ok
15:27:43.0797 9448 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:27:43.0922 9448 wudfsvc - ok
15:27:44.0483 9448 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
15:27:44.0483 9448 WwanSvc - ok
15:27:44.0499 9448 ================ Scan global ===============================
15:27:44.0951 9448 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:27:45.0591 9448 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:27:45.0684 9448 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:27:46.0137 9448 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:27:47.0213 9448 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:27:47.0276 9448 [Global] - ok
15:27:47.0291 9448 ================ Scan MBR ==================================
15:27:47.0572 9448 [ C3C93F1CA51BBACBABEA804D2CC62CA1 ] \Device\Harddisk0\DR0
15:27:47.0572 9448 Suspicious mbr (Forged): \Device\Harddisk0\DR0
15:27:48.0524 9448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
15:27:48.0524 9448 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
15:27:48.0555 9448 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
15:27:48.0586 9448 \Device\Harddisk1\DR1 - ok
15:27:48.0586 9448 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
15:27:48.0586 9448 \Device\Harddisk2\DR2 - ok
15:27:48.0602 9448 ================ Scan VBR ==================================
15:27:48.0773 9448 [ B5E91D37884BEE1B6BCE5460A7E18CA6 ] \Device\Harddisk0\DR0\Partition1
15:27:48.0992 9448 \Device\Harddisk0\DR0\Partition1 - ok
15:27:49.0085 9448 [ 161BABDB21E23557C0DDB5F9A5460383 ] \Device\Harddisk0\DR0\Partition2
15:27:49.0241 9448 \Device\Harddisk0\DR0\Partition2 - ok
15:27:49.0413 9448 [ 9DB2B2255F5274D3600C833DCBC0E557 ] \Device\Harddisk0\DR0\Partition3
15:27:49.0631 9448 \Device\Harddisk0\DR0\Partition3 - ok
15:27:49.0756 9448 [ 74A91F21C0E0785331DA8D6977B3127C ] \Device\Harddisk0\DR0\Partition4
15:27:50.0115 9448 \Device\Harddisk0\DR0\Partition4 - ok
15:27:50.0130 9448 [ C15E52ECF2DD066383BA349DD0D989E8 ] \Device\Harddisk1\DR1\Partition1
15:27:50.0130 9448 \Device\Harddisk1\DR1\Partition1 - ok
15:27:50.0130 9448 [ 9FCA7CF6C04E9109D9C243139B3BAE52 ] \Device\Harddisk2\DR2\Partition1
15:27:50.0130 9448 \Device\Harddisk2\DR2\Partition1 - ok
15:27:50.0130 9448 ============================================================
15:27:50.0130 9448 Scan finished
15:27:50.0130 9448 ============================================================
15:27:50.0146 9392 Detected object count: 1
15:27:50.0146 9392 Actual detected object count: 1
15:27:58.0086 9392 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - skipped by user
15:27:58.0086 9392 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Skip
15:28:06.0839 9708 Deinitialize success

Psychotic · June 7, 2013

Please read and follow these instructions carefully.

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
When the scan is finished, select cure for the following entry.
```
Rootkit.Boot.Harbinger.a
```
Hit continue.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

Then give Combofix another try and post up the log.

DSDragon · June 7, 2013

Here's the post-cure TDSSkiller log. The Combofix log (if it works this time) will be in the next post.

15:52:41.0027 7864 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:52:41.0448 7864 ============================================================
15:52:41.0448 7864 Current date / time: 2013/06/07 15:52:41.0448
15:52:41.0448 7864 SystemInfo:
15:52:41.0448 7864
15:52:41.0448 7864 OS Version: 6.1.7601 ServicePack: 1.0
15:52:41.0448 7864 Product type: Workstation
15:52:41.0448 7864 ComputerName: DARCYNEWLAPTOP
15:52:41.0448 7864 UserName: Darcy
15:52:41.0448 7864 Windows directory: C:\Windows
15:52:41.0448 7864 System windows directory: C:\Windows
15:52:41.0448 7864 Running under WOW64
15:52:41.0448 7864 Processor architecture: Intel x64
15:52:41.0448 7864 Number of processors: 4
15:52:41.0448 7864 Page size: 0x1000
15:52:41.0448 7864 Boot type: Normal boot
15:52:41.0448 7864 ============================================================
15:52:41.0542 7864 BG loaded
15:52:41.0963 7864 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:52:41.0978 7864 Drive \Device\Harddisk1\DR1 - Size: 0x3C8C0000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:52:41.0994 7864 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB5E00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:52:42.0010 7864 ============================================================
15:52:42.0010 7864 \Device\Harddisk0\DR0:
15:52:42.0010 7864 MBR partitions:
15:52:42.0010 7864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:52:42.0010 7864 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48B41000
15:52:42.0010 7864 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x48BA5000, BlocksNum 0x1C7F000
15:52:42.0010 7864 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
15:52:42.0010 7864 \Device\Harddisk1\DR1:
15:52:42.0010 7864 MBR partitions:
15:52:42.0010 7864 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x1E4407
15:52:42.0010 7864 \Device\Harddisk2\DR2:
15:52:42.0010 7864 MBR partitions:
15:52:42.0010 7864 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
15:52:42.0010 7864 ============================================================
15:52:42.0041 7864 C: <-> \Device\Harddisk0\DR0\Partition2
15:52:42.0244 7864 D: <-> \Device\Harddisk0\DR0\Partition3
15:52:42.0322 7864 G: <-> \Device\Harddisk2\DR2\Partition1
15:52:42.0353 7864 H: <-> \Device\Harddisk0\DR0\Partition4
15:52:42.0353 7864 ============================================================
15:52:42.0353 7864 Initialize success
15:52:42.0353 7864 ============================================================
15:53:20.0588 3372 Deinitialize success

DSDragon · June 7, 2013

ComboFix worked this time. Here is the log. Norton keeps popping up with alerts, saying the same things about stopping threats to my computer, but every time it pops up (which is every few seconds, and very annoying when I'm trying to do something that takes time) it always says the same exact thing. There's something about a malicious Java update, and something about a malware software cloud.

ComboFix 13-06-03.06 - Darcy 06/07/2013 16:04:04.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2191 [GMT -4:00]
Running from: c:\users\Darcy\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\9F81.tmp
c:\programdata\Roaming
c:\users\Darcy\AppData\Local\assembly\tmp
c:\users\Darcy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0740BF29-46CA-4AD0-95AE-D7682B230E79}.xps
c:\users\Darcy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{26FBF935-8117-4604-96AA-C26B82EC6252}.xps
G:\Autorun.inf
G:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-05-07 to 2013-06-07 )))))))))))))))))))))))))))))))
.
.
2013-06-07 20:19 . 2013-06-07 20:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-07 19:54 . 2013-05-14 05:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7DF90B6-2A5F-44D1-A2E2-DF94659A5AEC}\mpengine.dll
2013-06-07 19:46 . 2013-06-07 19:46 -------- d-----w- C:\TDSSKiller_Quarantine
2013-06-05 14:38 . 2013-06-05 14:38 -------- d-----w- C:\a6501f7ec634e163b5501d7f798a45
2013-06-04 18:05 . 2013-06-04 18:05 -------- d-----w- c:\program files (x86)\My Toolbar
2013-06-04 16:01 . 2013-06-04 16:01 -------- d-----w- c:\users\Darcy\AppData\Local\Realityforge
2013-06-04 16:01 . 2013-06-04 16:01 -------- d-----w- c:\programdata\Realityforge
2013-06-04 16:01 . 2013-06-04 16:01 -------- d-----w- c:\users\Darcy\AppData\Local\IsolatedStorage
2013-06-04 16:01 . 2013-06-04 16:01 -------- d-----w- c:\program files\EpicTable
2013-06-02 22:52 . 2013-06-04 15:56 -------- d-----w- c:\programdata\NCH Software
2013-06-02 22:52 . 2013-06-04 15:56 -------- d-----w- c:\program files (x86)\NCH Software
2013-06-02 22:52 . 2013-06-02 22:53 -------- d-----w- c:\users\Darcy\AppData\Roaming\NCH Software
2013-06-02 22:20 . 2013-06-02 22:21 -------- d-----w- c:\users\Charles
2013-06-02 22:04 . 2013-02-05 07:25 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-06-02 22:04 . 2013-02-05 07:25 608080 ----a-w- c:\windows\system32\msvcp100.dll
2013-06-02 20:43 . 2013-06-02 20:45 -------- d-----w- c:\users\Guest
2013-05-24 16:02 . 2002-02-20 18:22 4141056 ----a-w- c:\windows\eyeQ Screen Saver.scr
2013-05-24 16:02 . 2013-05-24 16:02 -------- d-----w- c:\program files (x86)\Infinite Mind LC
2013-05-24 16:01 . 2001-09-05 08:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-05-24 16:01 . 2001-09-05 08:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-05-24 16:01 . 2001-09-05 08:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-05-24 16:01 . 2001-09-05 08:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-05-23 15:06 . 2011-03-11 10:23 221184 ----a-w- c:\windows\system32\HPToneCtrls64.dll
2013-05-23 15:06 . 2010-04-01 22:11 162304 ----a-w- c:\windows\system32\AESTAC64.dll
2013-05-23 15:06 . 2009-10-10 08:45 442368 ----a-w- c:\windows\system32\AESTEC64.dll
2013-05-23 15:06 . 2009-03-03 09:58 68608 ----a-w- c:\windows\system32\AESTAR64.dll
2013-05-23 15:06 . 2013-06-02 08:23 -------- d-----w- c:\program files\IDT
2013-05-23 15:06 . 2011-03-11 10:23 4642816 ----a-w- c:\windows\system32\stlang64.dll
2013-05-23 15:06 . 2011-03-11 10:23 1523712 ----a-w- c:\windows\system32\IDTNC64.cpl
2013-05-23 15:06 . 2011-03-11 10:23 1128448 ----a-w- c:\windows\sttray64.exe
2013-05-20 18:24 . 2013-05-23 14:57 -------- d-----w- c:\users\Darcy\AppData\Roaming\player
2013-05-20 18:23 . 2013-05-20 18:23 -------- d-----w- c:\users\Darcy\AppData\Local\Programs
2013-05-20 18:23 . 2013-05-23 14:59 -------- d-----w- c:\users\Darcy\AppData\Local\DownloadTerms
2013-05-20 17:16 . 2013-06-07 20:18 -------- d-----w- c:\users\Darcy\AppData\Local\assembly
2013-05-20 16:53 . 2013-05-21 23:17 -------- d-----w- c:\users\Darcy\AppData\Local\Wide Angle Software
2013-05-20 16:52 . 2013-05-20 16:52 -------- d-----w- c:\program files (x86)\Wide Angle Software
2013-05-20 15:54 . 2013-05-20 15:54 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-20 15:54 . 2013-05-20 15:54 -------- d-----w- c:\program files\iTunes
2013-05-20 15:54 . 2013-05-20 15:54 -------- d-----w- c:\program files (x86)\iTunes
2013-05-20 15:54 . 2013-05-20 15:54 -------- d-----w- c:\program files\iPod
2013-05-16 01:04 . 2013-05-16 01:04 0 ----a-w- c:\windows\SysWow64\sho95FF.tmp
2013-05-16 00:51 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll
2013-05-16 00:51 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-16 00:51 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-15 22:00 . 2013-05-15 22:00 -------- d-----w- c:\users\Darcy\AppData\Local\Macromedia
2013-05-14 14:37 . 2013-05-14 14:37 -------- d-----w- C:\SearchProtect
2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 23:21 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-16 00:58 . 2012-09-25 05:48 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 21:59 . 2012-05-31 16:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 21:59 . 2012-05-31 16:11 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-06 00:59 . 2013-05-06 00:59 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-05-02 06:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-29 00:13 . 2013-04-29 00:13 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 05:49 . 2013-05-15 21:26 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 21:26 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 21:26 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 21:26 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 21:26 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 21:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 18:24 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-11 14:22 . 2011-08-19 20:01 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-03-19 06:04 . 2013-04-10 16:39 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 16:39 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 16:39 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 16:39 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 16:39 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 16:39 112640 ----a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnlineBackupScheduler"="c:\program files\Online Backup\OnlineBackup.exe" [2012-02-29 595592]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-10-30 3093624]
"RealNetworks"="c:\users\Darcy\AppData\Local\RealNetworks\ugaulpro.dll" [2013-06-05 821760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2013-02-08 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
.
c:\users\Darcy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MiniEYE-MiniREAD Launch.lnk - c:\program files (x86)\Infinite Mind LC\eyeQ\ARLaunch.exe [2013-5-24 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130606.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130606.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1403010.016\SYMNETS.SYS [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe [x]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 46677037
*NewlyCreated* - 78541054
*Deregistered* - 46677037
*Deregistered* - 78541054
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-31 21:59]
.
2013-05-09 c:\windows\Tasks\HPCeeScheduleForDarcy.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 418328]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.google.com/mail
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: ed.gov\fafsa
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Darcy\AppData\Roaming\Mozilla\Firefox\Profiles\hbc8jtwx.default\
FF - prefs.js: browser.startup.homepage - hxxp://nicheblitzkrieg.net/table-of-contents/|http://circular-knitting-needles.net/wp-admin/index.php
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL: 2013-05-05 21:01; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\Darcy\AppData\Roaming\Mozilla\Firefox\Profiles\hbc8jtwx.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - ExtSQL: 2013-05-15 17:31; yjphoegzynpfmli@mmngjaksv.tbc; c:\users\Darcy\AppData\Roaming\Mozilla\Firefox\Profiles\hbc8jtwx.default\extensions\yjphoegzynpfmli@mmngjaksv.tbc.xpi
FF - ExtSQL: 2013-05-15 18:00; toolbar@shopathome.com; c:\users\Darcy\AppData\Roaming\Mozilla\Firefox\Profiles\hbc8jtwx.default\extensions\toolbar@shopathome.com
FF - ExtSQL: 2013-05-20 14:23; eoppnrqmocgit@fmwplidnapyokntwh.net; c:\program files (x86)\Mozilla Firefox\extensions\eoppnrqmocgit@fmwplidnapyokntwh.net
FF - ExtSQL: 1969-12-31 19:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\users\Darcy\AppData\Roaming\Mozilla\Firefox\Profiles\hbc8jtwx.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\users\Darcy\AppData\Local\DownloadTerms\temp.dat
Toolbar-!{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
Wow6432Node-HKCU-Run-Skype - c:\program files (x86)\Skype\Phone\Skype.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-SearchProtection - c:\programdata\Search Protection\_run.bat
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
SafeBoot-46677037.sys
Toolbar-!{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{3027ABB3-6047-667F-1EEE-E762D6D83901} - c:\progra~3\INSTAL~1\{E4AB1~1\Setup.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-07 16:22:24
ComboFix-quarantined-files.txt 2013-06-07 20:22
.
Pre-Run: 549,153,902,592 bytes free
Post-Run: 555,506,401,280 bytes free
.
- - End Of File - - B5BD0086CB15D916923DDC0C65581B1D

Psychotic · June 8, 2013

Scan with adwCleaner

Please download AdwCleaner to your desktop.

Run adwcleaner.exe.
Hit delete.
When the run is finished, it will open up a text file.
Please post its contents within your next reply.
You´ll find the log file at C:\AdwCleaner[s1].txt also.

DSDragon · June 9, 2013

Here's the log:

# AdwCleaner v2.301 - Logfile created 06/09/2013 at 14:45:56
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Darcy - DARCYNEWLAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Darcy\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16483
[OK] Registry is clean.
-\\ Mozilla Firefox v21.0 (en-US)
File : C:\Users\Darcy\AppData\Roaming\Mozilla\Firefox\Profiles\hbc8jtwx.default\prefs.js
Deleted : user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;e[...]
Deleted : user_pref("aol_toolbar.curtain.congrats", "n");
Deleted : user_pref("aol_toolbar.default.homepage.protection", false);
Deleted : user_pref("aol_toolbar.default.homepage.url", "");
Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
Deleted : user_pref("aol_toolbar.guid", "{C031D851-239B-8201-5126-E913D7C1E770}");
Deleted : user_pref("aol_toolbar.homepageprotection.enabled", false);
Deleted : user_pref("aol_toolbar.install.distroid", "aol");
Deleted : user_pref("aol_toolbar.install.homepage.label", "AOL.com");
Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.9430");
Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000020");
Deleted : user_pref("aol_toolbar.install.ncid", "");
Deleted : user_pref("aol_toolbar.metrics.activestampdate", "9");
Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "5");
Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2013");
Deleted : user_pref("aol_toolbar.metrics.log", false);
Deleted : user_pref("aol_toolbar.metrics.originalDate", "5");
Deleted : user_pref("aol_toolbar.metrics.originalHours", "4");
Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
Deleted : user_pref("aol_toolbar.metrics.originalMonth", "6");
Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
Deleted : user_pref("aol_toolbar.metrics.originalYear", "2013");
Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
Deleted : user_pref("aol_toolbar.remote.publish.xml", "1370800000428");
Deleted : user_pref("aol_toolbar.reset.flag", "3");
Deleted : user_pref("aol_toolbar.reset.style", "B");
Deleted : user_pref("aol_toolbar.resetprompt.daily.num", "1");
Deleted : user_pref("aol_toolbar.resetprompt.daily.timestamp", "1370546316185");
Deleted : user_pref("aol_toolbar.resetprompt.display.limit", "8");
Deleted : user_pref("aol_toolbar.rtw.active", false);
Deleted : user_pref("aol_toolbar.search.button", true);
Deleted : user_pref("aol_toolbar.search.cid", "05-06-2013");
Deleted : user_pref("aol_toolbar.search.instd", "EA0D36F9B5F041CD96CA4027CAAA9675");
Deleted : user_pref("aol_toolbar.search.oid", "05-06-2013");
Deleted : user_pref("aol_toolbar.search.placement", "right");
Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
Deleted : user_pref("aol_toolbar.search.savehistory", false);
Deleted : user_pref("aol_toolbar.search.searchtype", "web");
Deleted : user_pref("aol_toolbar.search.source", "webpickaol-ff");
Deleted : user_pref("aol_toolbar.searchengine.label", "AOL Search");
Deleted : user_pref("aol_toolbar.searchprotection.enabled", false);
Deleted : user_pref("aol_toolbar.skin.custom", false);
Deleted : user_pref("aol_toolbar.surf.date", "18");
Deleted : user_pref("aol_toolbar.surf.lastDate", "9");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "5");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2013");
Deleted : user_pref("aol_toolbar.surf.month", "1156");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");
Deleted : user_pref("aol_toolbar.surf.total", "1160");
Deleted : user_pref("aol_toolbar.surf.week", "18");
Deleted : user_pref("aol_toolbar.surf.year", "1156");
Deleted : user_pref("aol_toolbar.ticker.active", false);
Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
Deleted : user_pref("aol_toolbar.weather.degc", "26");
Deleted : user_pref("aol_toolbar.weather.degf", "78");
Deleted : user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/34.png");
Deleted : user_pref("aol_toolbar.weather.locationid", "USNY0996");
Deleted : user_pref("aol_toolbar.weather.metric", true);
Deleted : user_pref("aol_toolbar.weather.tooltip", "New York , NY : Mostly Sunny");
Deleted : user_pref("aol_toolbar.weather.update", "1370800000475");
Deleted : user_pref("aol_toolbar.winamp.volume", "");
Deleted : user_pref("browser.startup.homepage", "hxxp://nicheblitzkrieg.net/making-money/|hxxps://mail.google.[...]
Deleted : user_pref("extensions.sahtb.searchEngineNameSAH", "Web Search");
Deleted : user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\" ?><MerchantSettings><v n=\"3[...]
Deleted : user_pref("extensions.sahtb.url.prefs.data", "<ToolbarPrefs>\r\n <XMLVersion Number=\"{bdd09e8b-8dee[...]
-\\ Google Chrome v [unable to get version]
File : C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[s3].txt - [5279 octets] - [09/06/2013 14:45:56]
########## EOF - C:\AdwCleaner[s3].txt - [5339 octets] ##########

Psychotic · June 9, 2013

OK - run combofix again and post the log.

AdvancedSetup · June 13, 2013

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Audio Ads When No Programs Open

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information